Bug 1344270

Summary: dnf: Check package signature
Product: [oVirt] otopi Reporter: Yedidyah Bar David <didi>
Component: Plugins.packagersAssignee: Yedidyah Bar David <didi>
Status: CLOSED CURRENTRELEASE QA Contact: Guilherme Santos <gdeolive>
Severity: low Docs Contact:
Priority: medium    
Version: masterCC: bugs, gdeolive, lsvaty, mavital, mgregg, michal.skrivanek, sbonazzo
Target Milestone: ovirt-4.4.5Keywords: EasyFix, Reopened
Target Release: 1.9.4Flags: pm-rhel: ovirt-4.4+
ylavi: Triaged+
ylavi: planning_ack+
sbonazzo: devel_ack+
gdeolive: testing_ack+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: otopi-1.9.4 Doc Type: Bug Fix
Doc Text:
otopi versions until 1.5.2 used to check for rpm signatures. Then they stopped, when dnf changed its API removing the function to support this. Later, dnf reintroduced this function under a different name. With this version, otopi again checks rpm package signatures, if they are signed, and if the rpm repository is configured with 'gpgcheck=1'. If a package is signed, but the key is not found in the rpm database, but the repository points at it with 'gpgkey=', otopi now prompts, asking for confirmation for importing the key.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-15 07:39:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1339617    
Bug Blocks:    

Description Yedidyah Bar David 2016-06-09 09:54:52 UTC 
Description of problem:

dnf had an unofficial function sigCheckPkg which was removed.

I will remove its use in otopi for now, in bug 1343382, and open this bug to restore it back, once dnf has an offficial api for this, see bug 1339617.
Comment 1 Sandro Bonazzola 2016-10-24 09:14:19 UTC 
Dnf is not providing the needed API in Fedora 24, re-targeting to 4.2.
Comment 2 Michal Skrivanek 2020-03-19 15:41:40 UTC 
We didn't get to this bug for more than 2 years, and it's not being considered for the upcoming 4.4. It's unlikely that it will ever be addressed so I'm suggesting to close it.
If you feel this needs to be addressed and want to work on it please remove cond nack and target accordingly.
Comment 3 Michal Skrivanek 2020-04-01 14:47:49 UTC 
Closing old bug. Please reopen if still relevant/you want to work on it.
Comment 4 Yedidyah Bar David 2020-12-17 14:55:23 UTC 
Only now noticed bug 1339617 comment 15. So current seems like an easyfix now, might be worth opening.
Comment 6 Sandro Bonazzola 2021-01-14 06:34:13 UTC 
(In reply to Yedidyah Bar David from comment #4)
> Only now noticed bug 1339617 comment 15. So current seems like an easyfix
> now, might be worth opening.

Ok, reopening. Have you got capacity to get this in for 4.4.5?
Is DNF included in 8.3 already exposing the new API?
Comment 7 Yedidyah Bar David 2021-01-14 07:24:47 UTC 
(In reply to Sandro Bonazzola from comment #6)
> (In reply to Yedidyah Bar David from comment #4)
> > Only now noticed bug 1339617 comment 15. So current seems like an easyfix
> > now, might be worth opening.
> 
> Ok, reopening. Have you got capacity to get this in for 4.4.5?

Now pushed a revert patch, which was indeed easy. If CI passes, should probably be ok.
We should also verify with missing keys to check the behavior, that's more work.

> Is DNF included in 8.3 already exposing the new API?

It seems so, but I didn't verify. It should be part of dnf-4.2.23, which according to my logs, I got when upgrading to 8.3.