Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)
Merged #1575 into master. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1575#event-4458209751___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)
@Conan-Kudo approved this pull request. Thanks! This looks great to me! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1575#pullrequestreview-609596056___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)
@pmatilai commented on this pull request. > @@ -378,13 +378,18 @@ static void loadKeyring(rpmts ts) /* Never load the keyring if signature checking is disabled */ if ((rpmtsVSFlags(ts) & RPMVSF_MASK_NOSIGNATURES) != RPMVSF_MASK_NOSIGNATURES) { + char *kt = rpmExpand("%{?_keyring}", NULL); I'm a firm believer in many of kernel coding style principles, including naming: https://www.kernel.org/doc/html/v5.11/process/coding-style.html#naming It's a local temporary variable and doesn't carry any great big logic in it ... but making the name a *little* longer doesn't hurt and besides, you asked nicely :innocent: -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1575#discussion_r592231024___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)
@Conan-Kudo commented on this pull request. > @@ -378,13 +378,18 @@ static void loadKeyring(rpmts ts) /* Never load the keyring if signature checking is disabled */ if ((rpmtsVSFlags(ts) & RPMVSF_MASK_NOSIGNATURES) != RPMVSF_MASK_NOSIGNATURES) { + char *kt = rpmExpand("%{?_keyring}", NULL); I'm not a fan of cryptic variables like `kt`, but we do this so much already... I debated whether I should ask to not make this worse, but ehh... In any case, here's a _soft_ ask to consider making this a clearer variable, but not a hard requirement. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1575#pullrequestreview-609564718___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)
@Conan-Kudo approved this pull request. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1575#pullrequestreview-609563578___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
[Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)
Using filesystem as keyring is an unfinished development idea from 2008 which has somehow lingered on ever after. The fs keyring behavior has potential security problems as it allows any package to drop in files at the keyring path, instantly becoming trusted keys. In some scenarios this may be a desireable feature though, and apparently some distros (Yocto at least) actually rely on this feature. The other issue is that the on-disk and rpmdb variants dont play well together, in fact they dont play together at all. The rpm keyring needs a thorough redesign but until then we dont want to force users to adjust to something that is also destined to go away. So in the meanwhile, let people choose with a macro which behavior they want, using a macro seems the lowest bar to cross. Add new %_keyring macro that accepts either `rpmdb` or `fs` values and falls back to `rpmdb` unknown/unset values. Fixes: #1543 You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1575 -- Commit Summary -- * Make the rpmdb keyring type macro-configurable -- File Changes -- M lib/rpmts.c (15) M macros.in (5) -- Patch Links -- https://github.com/rpm-software-management/rpm/pull/1575.patch https://github.com/rpm-software-management/rpm/pull/1575.diff -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1575 ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint