Bug 1344270 - dnf: Check package signature
Summary: dnf: Check package signature
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: otopi
Classification: oVirt
Component: Plugins.packagers
Version: master
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ovirt-4.4.5
: 1.9.4
Assignee: Yedidyah Bar David
QA Contact: Guilherme Santos
URL:
Whiteboard:
Depends On: 1339617
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-06-09 09:54 UTC by Yedidyah Bar David
Modified: 2021-04-15 07:39 UTC (History)
7 users (show)

Fixed In Version: otopi-1.9.4
Doc Type: Bug Fix
Doc Text:
otopi versions until 1.5.2 used to check for rpm signatures. Then they stopped, when dnf changed its API removing the function to support this. Later, dnf reintroduced this function under a different name. With this version, otopi again checks rpm package signatures, if they are signed, and if the rpm repository is configured with 'gpgcheck=1'. If a package is signed, but the key is not found in the rpm database, but the repository points at it with 'gpgkey=', otopi now prompts, asking for confirmation for importing the key.
Clone Of:
Environment:
Last Closed: 2021-04-15 07:39:01 UTC
oVirt Team: Integration
pm-rhel: ovirt-4.4+
ylavi: Triaged+
ylavi: planning_ack+
sbonazzo: devel_ack+
gdeolive: testing_ack+


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1455452 0 medium CLOSED [Tracker] Adapt to dnf-2.0 2021-02-22 00:41:40 UTC
oVirt gerrit 112978 0 master MERGED minidnf: Check package signatures 2021-01-27 09:00:19 UTC

Internal Links: 1455452

Description Yedidyah Bar David 2016-06-09 09:54:52 UTC
Description of problem:

dnf had an unofficial function sigCheckPkg which was removed.

I will remove its use in otopi for now, in bug 1343382, and open this bug to restore it back, once dnf has an offficial api for this, see bug 1339617.

Comment 1 Sandro Bonazzola 2016-10-24 09:14:19 UTC
Dnf is not providing the needed API in Fedora 24, re-targeting to 4.2.

Comment 2 Michal Skrivanek 2020-03-19 15:41:40 UTC
We didn't get to this bug for more than 2 years, and it's not being considered for the upcoming 4.4. It's unlikely that it will ever be addressed so I'm suggesting to close it.
If you feel this needs to be addressed and want to work on it please remove cond nack and target accordingly.

Comment 3 Michal Skrivanek 2020-04-01 14:47:49 UTC
Closing old bug. Please reopen if still relevant/you want to work on it.

Comment 4 Yedidyah Bar David 2020-12-17 14:55:23 UTC
Only now noticed bug 1339617 comment 15. So current seems like an easyfix now, might be worth opening.

Comment 6 Sandro Bonazzola 2021-01-14 06:34:13 UTC
(In reply to Yedidyah Bar David from comment #4)
> Only now noticed bug 1339617 comment 15. So current seems like an easyfix
> now, might be worth opening.

Ok, reopening. Have you got capacity to get this in for 4.4.5?
Is DNF included in 8.3 already exposing the new API?

Comment 7 Yedidyah Bar David 2021-01-14 07:24:47 UTC
(In reply to Sandro Bonazzola from comment #6)
> (In reply to Yedidyah Bar David from comment #4)
> > Only now noticed bug 1339617 comment 15. So current seems like an easyfix
> > now, might be worth opening.
> 
> Ok, reopening. Have you got capacity to get this in for 4.4.5?

Now pushed a revert patch, which was indeed easy. If CI passes, should probably be ok.
We should also verify with missing keys to check the behavior, that's more work.

> Is DNF included in 8.3 already exposing the new API?

It seems so, but I didn't verify. It should be part of dnf-4.2.23, which according to my logs, I got when upgrading to 8.3.


Note You need to log in before you can comment on or make changes to this bug.