Description of problem: I'm looking for an elegant solution to [1] where Anaconda uses the DNF libraries to download RPMs and validate their signatures. It already uses DNF for download, dependencies, and installation of packages. Today DNF only has the GPG code in the cli section. If it were shifted into a central library and called from the cli, then anaconda could also utilize DNFs signature checking. Version-Release number of selected component (if applicable):dnf-2.4.0-2.fc26 How reproducible:100% Steps to Reproduce: 1.Try to utilize DNF as a library to validate GPG signatures of repos 2. 3. Actual results: Code only exists in cli.py Expected results: GPG checking in perhaps package.py or repo.py ? Additional info: [1] https://github.com/rhinstaller/anaconda/pull/375
Thanks for the report, I'll follow up with Anaconda team.
This would also be great for livecd-tools and appliance-tools, as I'd definitely prefer to be able to validate signatures if the user wanted to.
There's also a PR for this waiting on DNF and pykickstart: https://github.com/livecd-tools/livecd-tools/pull/14
Hi, could you estimate when this bug will be fixed, please? We are considering to use the workaround in Anaconda for now.
Hi, is there any update on this?
We don't have any estimate, but we definitely want to implement this during libdnf consolidation.
Any progress on this? It's been nearly half a year since the last request on this, and I *still* would like to resolve this such that we can have GPG checking in livecd-tools, Anaconda, and Lorax.
The GPG code is one of the libdnf parts we haven't touched yet during libdnf refactoring. The next item on the critical path is the Sack, because it's inconsistently used in libdnf (context) and dnf (Base) and is preventing us from sharing code and further progress in general. The GPG improvements will probably follow.
We have prioritized this work into our current backlog. New code will be written in libdnf, exported via SWIG to Python and provided in DNF as a public API.
dmach, jrohel, please keep me & ffesti in loop when starting working on this, it's the perfect opportunity to sanitize things. The existing code in dnf is inherited from yum and dates back to rhel-5 and rpm 4.4, lots of things have changed on rpm side since then.
Any rough timeline when this functionality might be available in DNF shipped in Fedora ? There are already at least two PRs blocked by this & it would be good to see them move them forward or at least be able to put some timeline on them getting unblocked. :) The PRs in question: https://github.com/rhinstaller/anaconda/pull/375 https://github.com/livecd-tools/livecd-tools/pull/14
The functionality was already implemented see: base.package_signature_check(self, pkg): and package_import_key(pkg, askcb=None, fullaskcb=None). Methods were introduce in dnf-4.16.1.