gemato/openpgp: correctly handle duplicate keys vs unexpected keys

The old code path had a subtle behavior bug: if an expected key appeared
twice in data from a WKD URL, it was then removed entirely.

This happened at one point due to a GPG behavior: when using --export,
if --keyring is passed twice, with different keyrings, but those
keyrings both contain the key being exported (possibly with
different signatures), then the export output will have duplicates of
PGP packets present in both keyrings (e.g. UID).

To avoid this, defer the removal of unexpected keys until the main
import is completed.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Closes: https://github.com/projg2/gemato/pull/32
Signed-off-by: Michał Górny <mgorny@gentoo.org>

0 files changed, 0 insertions, 0 deletions