From cdaeb4579fc35442182b476a049daffd44ceea3c Mon Sep 17 00:00:00 2001
From: John Turner <jturner.usa+gentoo@gmail.com>
Date: Sun, 26 Oct 2025 00:32:00 -0400
Subject: verify-sig.eclass: pass config opts to git via cli rather than global
 config file

---
 eclass/verify-sig.eclass | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index 695918c..6ce0b0d 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -494,17 +494,20 @@ verify-sig_verify_git_repo() {
 		esac
 	done
 
-	git config --global 'gpg.ssh.allowedSignersFile' ${T}/allowed_signers || die
-
 	# gemato *requires* at least one pgp key is passed to it, so if we don't find a pgp key
 	# we don't use gemato at all.
 	ebegin "verifying ${git_dir}/${commit}"
 	case ${found_pgp_key} in
 		yes)
-			gemato gpg-wrap ${args[@]} -- git --git-dir ${git_dir} verify-commit ${commit}
+			gemato gpg-wrap ${args[@]} -- git \
+				   -c "gpg.ssh.allowedSignersFile=${T}/allowed_signers" \
+				   --git-dir ${git_dir} \
+				   verify-commit ${commit}
 			;;
 		*)
-			git --git-dir ${git_dir} verify-commit ${commit}
+			git -c "gpg.ssh.allowedSignersFile=${T}/allowed_signers" \
+				--git-dir ${git_dir} \
+				verify-commit ${commit}
 			;;
 	esac
 	eend $? || die $?
-- 
cgit v1.2.3