From 370b0c0358983143e4c0614b6995c60b9da5a3fe Mon Sep 17 00:00:00 2001
From: Kunal Mehta <legoktm@debian.org>
Date: Tue, 15 Oct 2024 17:23:20 -0400
Subject: [PATCH] Don't pass --secret-keyring with GPG 2.4.4 (noble)

It emits a warning saying it has no effect, so just drop it entirely.
Since noble will use a fixed version of GPG, we can just check equality
of the version instead of implementing proper version comparison
schemes.
---
 securedrop/pretty_bad_protocol/_meta.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/securedrop/pretty_bad_protocol/_meta.py b/securedrop/pretty_bad_protocol/_meta.py
index 55e68a18fa..f16bfabe49 100644
--- a/securedrop/pretty_bad_protocol/_meta.py
+++ b/securedrop/pretty_bad_protocol/_meta.py
@@ -530,7 +530,8 @@ def _make_args(self, args, passphrase=False):  # type: ignore[no-untyped-def]
 
         if self.keyring:
             cmd.append("--no-default-keyring --keyring %s" % self.keyring)
-        if self.secring:
+        if self.secring and self.binary_version != "2.4.4":
+            # In GnuPG 2.4.4, --secret-keyring has no effect
             cmd.append("--secret-keyring %s" % self.secring)
 
         if passphrase: