Also add subkeys when adding GPG keys #711
Conversation
|
Quickly glanced at the LGTM! |
|
☎️ Ping? |
| subkeys = rpmGetSubkeys(pubkey, &nsubkeys); | ||
| for (gint i = 0; i < nsubkeys; i++) { | ||
| rpmPubkey subkey = subkeys[i]; | ||
| if (rpmKeyringAddKey(keyring, subkey) < 0) { |
There was a problem hiding this comment.
In DNF only subkeys that pass the test subkey.can_sign are added. Please could you explain what exactly the code should do.
There was a problem hiding this comment.
This patch essentially matches what librpm does (see loadKeyringFromFiles()). In a quick scan, it's not clear whether librpm makes the same distinction. If not, I think this is something we'd need to fix there anyway, right? Is there anyone from the rpm team we can check with?
There was a problem hiding this comment.
@jlebon I looked into librpm. And yes, librpm does the same as this patch. I've been thinking about it. I will merge the PR. There is a plan to create GPG API in libdnf. So I hope to clarification during this work.
There was a problem hiding this comment.
@jlebon Wait? You want to make other changes to PR? Please set Labels to ready for review when the PR is ready.
There was a problem hiding this comment.
Ahh, I meant Works For Me :)
I don't have access to set labels, but the PR is ready.
There was a problem hiding this comment.
I read Wait For Me instead of Works for me :-)
librpm allows packages signed with subkeys, so we should support this too.
See coreos#1094 (comment) and rpm-software-management/libdnf#711. Update submodule: libdnf
See #1094 (comment) and rpm-software-management/libdnf#711. Update submodule: libdnf Closes: #1819 Approved by: cgwalters
3 participants
librpm allows packages signed with subkeys, so we should support this
too.