expired-pgp-keys: New plugin for detecting expired PGP keys

Workaround for: #1192
rpm-software-management · Jul 25, 2024 · e88960d · e88960d
1 parent 51479b9
commit e88960d
Show file tree

Hide file tree

Showing 14 changed files with 442 additions and 0 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -25,6 +25,7 @@ option(WITH_LIBDNF5_CLI "Build library for working with a terminal in a command-
 option(WITH_DNF5 "Build dnf5 command-line package manager" ON)
 option(WITH_DNF5_PLUGINS "Build plugins for dnf5 command-line package manager" ON)
 option(WITH_PLUGIN_ACTIONS "Build a dnf5 actions plugin" ON)
+option(WITH_PLUGIN_EXPIRED_PGP_KEYS "Build a libdnf5 expired pgp keys plugin" ON)
 option(WITH_PLUGIN_RHSM "Build a libdnf5 rhsm (Red Hat Subscription Manager) plugin" OFF)
 option(WITH_PYTHON_PLUGINS_LOADER "Build a special dnf5 plugin that loads Python plugins. Requires WITH_PYTHON3=ON." ON)
 

diff --git a/dnf5.spec b/dnf5.spec
@@ -77,6 +77,7 @@ Provides:       dnf5-command(versionlock)
 %bcond_without dnf5
 %bcond_without dnf5_plugins
 %bcond_without plugin_actions
+%bcond_without plugin_expired_pgp_keys
 %bcond_without plugin_rhsm
 %bcond_without python_plugins_loader
 
@@ -585,6 +586,24 @@ Libdnf5 plugin that allows to run actions (external executables) on hooks.
 %endif
 
 
+# ========== libdnf5-plugin-expired-pgp-keys ==========
+
+%if %{with plugin_expired_pgp_keys}
+%package -n libdnf5-plugin-expired-pgp-keys
+Summary:        Libdnf5 plugin for detecting and removing expired PGP keys
+License:        LGPL-2.1-or-later
+Requires:       libdnf5%{?_isa} = %{version}-%{release}
+
+%description -n libdnf5-plugin-expired-pgp-keys
+Libdnf5 plugin for detecting and removing expired PGP keys.
+
+%files -n libdnf5-plugin-expired-pgp-keys -f libdnf5-plugin-expired-pgp-keys.lang
+%{_libdir}/libdnf5/plugins/expired-pgp-keys.*
+%config %{_sysconfdir}/dnf/libdnf5-plugins/expired-pgp-keys.conf
+%{_mandir}/man8/libdnf5-expired-pgp-keys.8.*
+%endif
+
+
 # ========== libdnf5-plugin-plugin_rhsm ==========
 
 %if %{with plugin_rhsm}
@@ -774,6 +793,7 @@ automatically and regularly from systemd timers, cron jobs or similar.
     -DWITH_LIBDNF5_CLI=%{?with_libdnf_cli:ON}%{!?with_libdnf_cli:OFF} \
     -DWITH_DNF5=%{?with_dnf5:ON}%{!?with_dnf5:OFF} \
     -DWITH_PLUGIN_ACTIONS=%{?with_plugin_actions:ON}%{!?with_plugin_actions:OFF} \
+    -DWITH_PLUGIN_EXPIRED_PGP_KEYS=%{?with_plugin_expired_pgp_keys:ON}%{!?with_plugin_expired_pgp_keys:OFF} \
     -DWITH_PLUGIN_RHSM=%{?with_plugin_rhsm:ON}%{!?with_plugin_rhsm:OFF} \
     -DWITH_PYTHON_PLUGINS_LOADER=%{?with_python_plugins_loader:ON}%{!?with_python_plugins_loader:OFF} \
     \
@@ -864,6 +884,7 @@ popd
 %find_lang libdnf5
 %find_lang libdnf5-cli
 %find_lang libdnf5-plugin-actions
+%find_lang libdnf5-plugin-expired-pgp-keys
 %find_lang libdnf5-plugin-rhsm
 
 %ldconfig_scriptlets

diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt
@@ -41,6 +41,10 @@ if(WITH_MAN)
         install(FILES ${CMAKE_CURRENT_BINARY_DIR}/man/libdnf5-actions.8 DESTINATION share/man/man8)
     endif()
 
+    if(WITH_PLUGIN_EXPIRED_PGP_KEYS)
+        install(FILES ${CMAKE_CURRENT_BINARY_DIR}/man/libdnf5-expired-pgp-keys.8 DESTINATION share/man/man8)
+    endif()
+
     if(WITH_DNF5DAEMON_CLIENT)
         install(FILES ${CMAKE_CURRENT_BINARY_DIR}/man/dnf5daemon-client.8 DESTINATION share/man/man8)
     endif()

diff --git a/doc/conf.py.in b/doc/conf.py.in
@@ -150,6 +150,7 @@ man_pages = [
     ('dnf5_plugins/needs_restarting.8', 'dnf5-needs-restarting', 'Needs-restarting Command', AUTHORS, 8),
     ('dnf5_plugins/repoclosure.8', 'dnf5-repoclosure', 'Repoclosure Command', AUTHORS, 8),
     ('libdnf5_plugins/actions.8', 'libdnf5-actions', 'Actions Plugin', AUTHORS, 8),
+    ('libdnf5_plugins/expired-pgp-keys.8', 'libdnf5-expired-pgp-keys', 'Expired PGP Keys Plugin', AUTHORS, 8),
     ('misc/aliases.7', 'dnf5-aliases', 'Aliases for command line arguments', AUTHORS, 7),
     ('misc/caching.7', 'dnf5-caching', 'Caching', AUTHORS, 7),
     ('misc/comps.7', 'dnf5-comps', 'Comps Groups And Environments', AUTHORS, 7),

diff --git a/doc/dnf5.8.rst b/doc/dnf5.8.rst
@@ -452,6 +452,7 @@ Application Plugins:
 
 Library Plugins:
     | :manpage:`libdnf5-actions(8)`, :ref:`Actions plugin <actions_plugin_ref-label>`
+    | :manpage:`libdnf5-expired-pgp-keys(8)`, :ref:`Expired PGP keys plugin <expired-pgp-keys_plugin_ref-label>`
 
 Configuration:
     | :manpage:`dnf5-conf(5)`, :ref:`DNF5 Configuration Reference <dnf5_conf-label>`

diff --git a/doc/libdnf5_plugins/expired-pgp-keys.8.rst b/doc/libdnf5_plugins/expired-pgp-keys.8.rst
@@ -0,0 +1,40 @@
+..
+    Copyright Contributors to the libdnf project.
+
+    This file is part of libdnf: https://github.com/rpm-software-management/libdnf/
+
+    Libdnf is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 2 of the License, or
+    (at your option) any later version.
+
+    Libdnf is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with libdnf.  If not, see <https://www.gnu.org/licenses/>.
+
+.. _expired-pgp-keys_plugin_ref-label:
+
+########################
+ Expired PGP Keys Plugin
+########################
+
+Description
+===========
+
+The plugin checks for installed but expired PGP keys before executing the transaction.
+For each expired key, the user is prompted with information about the specific key
+and can confirm its removal, allowing for the import of an updated key later.
+When the ``assumeyes`` option is configured, expired keys are removed automatically.
+
+Configuration
+=============
+
+The plugin configuration is in ``/etc/dnf/libdnf5-plugins/expired-pgp-keys.conf``. All configuration
+options are in the ``[main]`` section.
+
+``enabled``
+    Whether the plugin is enabled. Default value is ``False``.
diff --git a/doc/libdnf5_plugins/index.rst b/doc/libdnf5_plugins/index.rst
@@ -9,5 +9,6 @@ LIBDNF5 Plugins
     :maxdepth: 1
 
     actions.8
+    expired-pgp-keys.8
 
 ..
diff --git a/libdnf5-plugins/CMakeLists.txt b/libdnf5-plugins/CMakeLists.txt
@@ -2,5 +2,6 @@ set(CMAKE_CXX_VISIBILITY_PRESET hidden)
 set(CMAKE_C_VISIBILITY_PRESET hidden)
 
 add_subdirectory("actions")
+add_subdirectory("expired-pgp-keys")
 add_subdirectory("python_plugins_loader")
 add_subdirectory("rhsm")
diff --git a/libdnf5-plugins/expired-pgp-keys/CMakeLists.txt b/libdnf5-plugins/expired-pgp-keys/CMakeLists.txt
@@ -0,0 +1,24 @@
+if(NOT WITH_PLUGIN_EXPIRED_PGP_KEYS)
+    return()
+endif()
+
+# set gettext domain for translations
+set(GETTEXT_DOMAIN libdnf5-plugin-expired-pgp-keys)
+add_definitions(-DGETTEXT_DOMAIN=\"${GETTEXT_DOMAIN}\")
+
+add_library(expired-pgp-keys MODULE expired-pgp-keys.cpp)
+
+# disable the 'lib' prefix in order to create expired-pgp-keys.so
+set_target_properties(expired-pgp-keys PROPERTIES PREFIX "")
+
+target_link_libraries(expired-pgp-keys PRIVATE common)
+target_link_libraries(expired-pgp-keys PRIVATE libdnf5 libdnf5-cli)
+
+pkg_check_modules(RPM REQUIRED rpm)
+target_link_libraries(expired-pgp-keys PRIVATE ${RPM_LIBRARIES})
+
+install(TARGETS expired-pgp-keys LIBRARY DESTINATION "${CMAKE_INSTALL_FULL_LIBDIR}/libdnf5/plugins/")
+
+install(FILES "expired-pgp-keys.conf" DESTINATION "${CMAKE_INSTALL_FULL_SYSCONFDIR}/dnf/libdnf5-plugins")
+
+add_subdirectory(po)
diff --git a/libdnf5-plugins/expired-pgp-keys/expired-pgp-keys.conf b/libdnf5-plugins/expired-pgp-keys/expired-pgp-keys.conf
@@ -0,0 +1,3 @@
+[main]
+name = expired-pgp-keys
+enabled = 0