https://bugs.gentoo.org/970711
https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg/-/commit/90e370fef788980e49aa807ac28531264bb9f404

From 90e370fef788980e49aa807ac28531264bb9f404 Mon Sep 17 00:00:00 2001
From: Malte Meiboom <malte@sequoia-pgp.org>
Date: Fri, 20 Feb 2026 13:50:40 +0100
Subject: [PATCH] Fix missing time corrections

- `gpg-sq` can set a fake system time via `--faked-system-time`.
- Fixed some occurrences where `None` was used as time instead of the
  passed fake time.
- fixes: #156
---
 src/decrypt.rs       | 2 +-
 src/generate_key.rs  | 2 +-
 src/gpg.rs           | 2 +-
 tests/gpg/decrypt.rs | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/decrypt.rs b/src/decrypt.rs
index 2749532..d722389 100644
--- a/src/decrypt.rs
+++ b/src/decrypt.rs
@@ -715,7 +715,7 @@ impl<'a, 'store> DHelper<'a, 'store> {
                         .filter_map(|cert| cert.to_cert().ok().cloned())
                     {
                         if let Some(key) = cert.keys()
-                            .with_policy(&self.config.de_vs_producer, None)
+                            .with_policy(&self.config.de_vs_producer, self.config.now())
                             .key_handle(recipient.clone()).next()
                         {
                             compliant = compliant &&
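Review bot: The `if let Some(key) = … .next()` around the changed `with_policy` call only updates `compliant` when the recipient key is accepted by `de_vs_producer` at `self.config.now()`, so from the visible lines a key rejected at that time appears to be skipped rather than counted as non-compliant. The else path is outside the hunk, and the enclosing method starts and ends outside it too, so please confirm that a key which is missing or invalid at the reference time clears `compliant` instead of leaving it `true`. This matters more now that the reference time can be faked, since the set of rejected keys is no longer tied to the wall clock. A short comment on the call would record why `None` is wrong here, e.g. `// Use the configured (possibly faked) time so the compliance verdict matches the rest of the operation.`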
diff --git a/src/generate_key.rs b/src/generate_key.rs
index 85e41b4..5dd42f9 100644
--- a/src/generate_key.rs
+++ b/src/generate_key.rs
@@ -280,7 +280,7 @@ async fn real_cmd_quick_add_key(config: &mut crate::Config<'_>, args: &[String])
             all_expired_or_revoked: false,
         })?;
 
-    let vcert = cert.with_policy(config.policy(), None)?;
+    let vcert = cert.with_policy(config.policy(), config.now())?;
     let mut primary_signer =
         config.get_signer(&vcert, cert.primary_key().role_as_unspecified()).await?;
 
diff --git a/src/gpg.rs b/src/gpg.rs
index 81d5353..b4e4d38 100644
--- a/src/gpg.rs
+++ b/src/gpg.rs
@@ -721,7 +721,7 @@ impl<'store> Config<'store> {
                             all_expired_or_revoked: false,
                         })?;
 
-                    if let Ok(vcert) = cert.with_policy(self.policy(), None) {
+                    if let Ok(vcert) = cert.with_policy(self.policy(), self.now()) {
                         for sk in vcert.keys().key_flags(&flags).alive()
                             .revoked(false)
                         {
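Review bot: `if let Ok(vcert) = cert.with_policy(self.policy(), self.now())` drops the `Err` value, so a certificate that is not valid at the configured time is skipped without any diagnostic. With `--faked-system-time` this is now a likely cause of "no usable signing key" results, and the operator has no way to see that the policy check at the faked time was the reason. Consider matching on the result and reporting the error through the project's existing warning or trace output before continuing to the next certificate. The surrounding loop and function are only partly visible in this hunk, so the exact placement of the message has to be chosen against the full body.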
diff --git a/tests/gpg/decrypt.rs b/tests/gpg/decrypt.rs
index 3fefe95..a34f693 100644
--- a/tests/gpg/decrypt.rs
+++ b/tests/gpg/decrypt.rs
@@ -489,7 +489,7 @@ fn encrypt_for(recipient_certs: &[&Cert]) -> Result<Vec<u8>> {
         // Make sure we add at least one subkey from every
         // certificate.
         let mut found_one = false;
-        for key in cert.keys().with_policy(p, None)
+        for key in cert.keys().with_policy(p, Experiment::now())
             .supported().alive().revoked(false).for_transport_encryption()
         {
             recipients.push(key);
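Review bot: No regression test accompanies the three fixed call sites; the diffstat shows this one-line change in `encrypt_for` as the only edit under `tests/`, and it adjusts the helper rather than exercising `--faked-system-time`. A test that runs decryption and key selection with a faked time at which a certificate's validity differs from the wall clock would pin the behaviour and catch a future `with_policy(…, None)` slipping back in. It would also help to state in a comment above the loop that `Experiment::now()` is presumably the same reference time handed to the binaries under test, e.g. `// Select subkeys at the experiment's reference time, not the wall clock.`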
-- 
GitLab
