gpg-agent retains YubiKey entries after card removal but resets the comment to "(none)". Treating those as valid keys causes auth to succeed against a ghost identity — skip them so the caller gets None and the missing-card error path fires correctly.
This commit is contained in:
@@ -103,6 +103,8 @@ def agent_find_key(selector: str | None = None) -> AgentKey | None:
|
||||
except Exception:
|
||||
return None
|
||||
for key in keys:
|
||||
if key.comment == "(none)":
|
||||
continue
|
||||
if selector is None or selector in key.comment:
|
||||
return key
|
||||
return None
|
||||
|
||||
Reference in New Issue
Block a user