gpgcheck security and usability fixes #697
As for 9bc0ea2, I'm not sure adding the "Warning: skipped PGP checks" to
It looks like many tests fail on the output check (stderr) where the new warning is present (
Yeah, I want to get some feedback to make sure these changes are reasonable before rewriting all those tests to include the warning message. The most important changes in this PR are 5ab4eec (Don't allow main gpgcheck=0 to override repo config) and 01c9867 (Include RPM logs in KeyImportError). We may not want the warning when skipping GPG checks, which would certainly require a lot of changes to the tests.
@@ -981,7 +979,7 @@ bool Transaction::Impl::check_gpg_signatures() { | |||
signature_problems.push_back( | |||
err_msg + import_repo_keys_result_to_string(ImportRepoKeysResult::ALREADY_PRESENT)); | |||
result = false; | |||
continue; | |||
break; |
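Review bot: The `break` that replaces `continue` right after the `ALREADY_PRESENT` message is pushed ends the loop on the first key import problem, so `signature_problems` no longer receives entries from later iterations while `result` is already `false`. If stopping early is intended, add a short comment at the `break` saying that iteration stops because the key import failure is the root cause, and consider extending the pushed message to say that the remaining checks were not run, so the output does not read as if only one item had a problem.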
I'm not sure about all these `break`s. Doesn't it mean that we will return to the user only the first signature problem instead of accumulating all of them?
Right, the benefit is that the key import error will not be buried by dozens of failure messages for the individual packages. But maybe it is best to show all of the errors. Here is what the two different outputs look like: #617 (comment).
Oh, right. For larger transactions the new behaviour is definitely better because the root cause of the issue is more clearly visible.
Please prepare a PR with test adjustments before merging this, so it can be properly tested.
I like the change, but I didn't spend enough time to provide an approval.
When a patch for the CI-dnf tests is available, I think we can merge it. Or, from the second direction, the absence of a CI patch blocks the merge of this PR.
Thanks. CI PR here: rpm-software-management/ci-dnf-stack#1343
The main gpgcheck option should not override the per-repo setting. The repo gpgcheck option is a child of the main gpgcheck option, so setting the main gpgcheck option will still work, but we want the repo gpgcheck option to have a higher priority. The repo-specific gpgcheck option is checked by RpmSignature::check_package_signature. Resolves one of the problems described in rpm-software-management#617.
a28078b to a1a0331
43eb2cd
As enumerated by Panu here: #617 (comment):
Resolves #617.
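The priority rule from the commit message above (a repo's own gpgcheck value wins, the main value applies only when the repo does not set one), written as a small audit script. This is an added example, not code from the PR or from libdnf5; the merged single-string config, the repo names and the `assumed_default` parameter are constructed assumptions, since the page does not state the built-in default.

```python
import configparser

# Constructed sample input: main turns checks off, one repo sets gpgcheck
# itself, the other inherits whatever the main section says.
SAMPLE = """
[main]
gpgcheck=0

[signed-repo]
baseurl=https://repo.example/signed
gpgcheck=1

[inheriting-repo]
baseurl=https://repo.example/other
"""


def effective_gpgcheck(text, assumed_default=False):
    """Return {repo_id: (enabled, source)}; source is 'repo', 'main' or 'default'.

    assumed_default is a hypothetical stand-in for the built-in default,
    used only when neither the repo nor [main] sets gpgcheck.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if cp.has_option("main", "gpgcheck"):
        inherited = (cp.getboolean("main", "gpgcheck"), "main")
    else:
        inherited = (assumed_default, "default")
    result = {}
    for repo in cp.sections():
        if repo == "main":
            continue
        if cp.has_option(repo, "gpgcheck"):
            # The repo-level value has priority over the main value.
            result[repo] = (cp.getboolean(repo, "gpgcheck"), "repo")
        else:
            result[repo] = inherited
    return result


def unchecked_repos(text, assumed_default=False):
    """List repo ids whose packages would be installed without a signature check."""
    resolved = effective_gpgcheck(text, assumed_default)
    return sorted(repo for repo, (enabled, _) in resolved.items() if not enabled)


if __name__ == "__main__":
    for repo, (enabled, source) in effective_gpgcheck(SAMPLE).items():
        print(f"{repo}: gpgcheck={'on' if enabled else 'off'} (from {source})")
```
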