Don't pass --secret-keyring with GPG 2.4.4 (noble)

It emits a warning saying it has no effect, so just drop it entirely. Since noble will use a fixed version of GPG, we can just check equality of the version instead of implementing proper version comparison schemes.
freedomofpress · Oct 16, 2024 · 370b0c0 · 370b0c0
1 parent bf22c9f
commit 370b0c0
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/securedrop/pretty_bad_protocol/_meta.py b/securedrop/pretty_bad_protocol/_meta.py
@@ -530,7 +530,8 @@ def _make_args(self, args, passphrase=False):  # type: ignore[no-untyped-def]
 
         if self.keyring:
             cmd.append("--no-default-keyring --keyring %s" % self.keyring)
-        if self.secring:
+        if self.secring and self.binary_version != "2.4.4":
+            # In GnuPG 2.4.4, --secret-keyring has no effect
             cmd.append("--secret-keyring %s" % self.secring)
 
         if passphrase: