Re: [Rpm-maint] [rpm-software-management/rpm] OpenPGP: Function `pgpParsePkts` supports only "PGP PUBLIC KEY BLOCK" block, "PGP SIGNATURE" is needed (Issue #2512)
@nwalfield

Here is the PR: https://github.com/rpm-software-management/librepo/pull/275

It contains a commit that moves the original implementation of OpenPGP using GpgMe into the "gpg_gpgme.c" file and creates a new one based on the librpm API in the "gpg_rpm.c" file. There is a function `check_signature` which internally calls `pgpParsePkts` to parse the ASCII armored OpenPGP signature. I created the code based on the description in the "rpmgpg.h" header file and a bit of librpm reverse engineering. It's not very nice, but somehow it works. The code also implements a keyring.

--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2512#issuecomment-1556255299
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] OpenPGP: Function `pgpParsePkts` supports only "PGP PUBLIC KEY BLOCK" block, "PGP SIGNATURE" is needed (Issue #2512)
@nwalfield

> Why does librepo need to parse signature files?

Librepo is used to download data from rpm repositories (metadata, packages, ...). Repository metadata can be signed with an OpenPGP signature. And librepo can verify them.

Sample on an existing repository:

```
[google-chrome]
name=google-chrome
baseurl=https://dl.google.com/linux/chrome/rpm/stable/x86_64
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://dl.google.com/linux/linux_signing_key.pub
enabled=1
repo_gpgcheck=1
```

`gpgkey` is a URL to a file containing multiple blocks of ASCII armored public keys (there can be multiple URLs). The repository contains a "repomd.xml" file and a "repomd.xml.asc" file. **The "repomd.xml.asc" file is an ASCII armored OpenPGP signature that librepo needs to load in order to verify the "repomd.xml" file.**

Librepo uses GpgMe. We now have a high priority to remove the dependency on GpgMe. That's why I created a new implementation in librepo that uses the librpm API instead of GpgMe. Now it works (with some problems that I described in issues, but it works).

If the `pgpParsePkts` function does not support ASCII armored signature parsing, how do I load it in librepo? A new, better function? Okay, but we need it quickly.

--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2512#issuecomment-1556250287
Re: [Rpm-maint] [rpm-software-management/rpm] OpenPGP: Function `pgpParsePkts` supports only "PGP PUBLIC KEY BLOCK" block, "PGP SIGNATURE" is needed (Issue #2512)
@mlschroe

Sorry, I'm not a great English speaker, but I assume that when the function is described as `Parse armored OpenPGP packets from a file.` and returns `type of armor found`, it will return `PGPARMOR_SIGNATURE` after finding the signature. Especially when that value is part of the returned enum. Or something like "NOT_IMPLEMENTED" is also understandable. But `PGPARMOR_NONE`? I deduce from the description of the function that this is not the expected result for the signature.

--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2512#issuecomment-1556243863
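
Added example, not part of the thread and not librpm or librepo code: a stand-alone C sketch of the check discussed in the messages above, reporting which armor type a file such as "repomd.xml.asc" carries and confirming that its first OpenPGP packet really is a signature (tag 2) before it is handed to a verifier. All function and enum names are hypothetical, the sample is constructed and truncated, and the code assumes "\n" line endings with a blank line before the base64 data.

```c
/* Added example; all names are hypothetical, not librpm or librepo API. */
#include <stdio.h>
#include <string.h>

enum armor_kind { ARMOR_NONE, ARMOR_PUBKEY, ARMOR_SIGNATURE, ARMOR_OTHER };

/* Kind of the first "-----BEGIN PGP ...-----" marker that starts a line. */
enum armor_kind armor_kind_of(const char *text) {
    const char *p = text;
    while ((p = strstr(p, "-----BEGIN PGP ")) != NULL) {
        int at_line_start = (p == text || p[-1] == '\n');
        p += 15;                                  /* skip "-----BEGIN PGP " */
        if (!at_line_start) continue;
        if (!strncmp(p, "SIGNATURE-----", 14)) return ARMOR_SIGNATURE;
        if (!strncmp(p, "PUBLIC KEY BLOCK-----", 21)) return ARMOR_PUBKEY;
        return ARMOR_OTHER;
    }
    return ARMOR_NONE;
}

static int b64val(char c) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *q = c ? strchr(tbl, c) : NULL;
    return q ? (int)(q - tbl) : -1;
}

/* Tag of the first OpenPGP packet in the armored body, or -1 if unreadable. */
int first_packet_tag(const char *text) {
    const char *p = strstr(text, "-----BEGIN PGP ");
    if (!p || !(p = strstr(p, "\n\n"))) return -1;   /* blank line ends headers */
    int hi = b64val(p[2]);
    int lo = hi < 0 ? -1 : b64val(p[3]);
    if (lo < 0) return -1;
    int b = (hi << 2) | (lo >> 4);                   /* first decoded octet */
    if (!(b & 0x80)) return -1;                      /* bit 7 is always set */
    return (b & 0x40) ? (b & 0x3f) : ((b >> 2) & 0x0f); /* new : old format */
}

/* Accept only a SIGNATURE armor whose first packet is a signature (tag 2). */
int is_detached_signature(const char *text) {
    return armor_kind_of(text) == ARMOR_SIGNATURE && first_packet_tag(text) == 2;
}

int main(void) {
    /* Constructed, truncated sample: not a real signature. */
    const char *sig = "-----BEGIN PGP SIGNATURE-----\n\niQEzBAABCAAdFiEE\n"
                      "-----END PGP SIGNATURE-----\n";
    printf("signature? %d\n", is_detached_signature(sig));
    return 0;
}
```

The second check matters because the armor header line is only a label: a block labelled "PGP SIGNATURE" whose body starts with a public-key packet is rejected here instead of being passed on.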