subject:"\[Rpm\-maint\] \[rpm\-software\-management\/rpm\] Make the rpmdb keyring type macro\-configurable \(#1575\)"

Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

2021-03-15 Thread Panu Matilainen

Merged #1575 into master.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1575#event-4458209751___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

2021-03-11 Thread ニール・ゴンパ

@Conan-Kudo approved this pull request.

Thanks! This looks great to me!  



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1575#pullrequestreview-609596056___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

2021-03-11 Thread Panu Matilainen

@pmatilai commented on this pull request.



> @@ -378,13 +378,18 @@ static void loadKeyring(rpmts ts)
 /* Never load the keyring if signature checking is disabled */
 if ((rpmtsVSFlags(ts) & RPMVSF_MASK_NOSIGNATURES) !=
RPMVSF_MASK_NOSIGNATURES) {
+   char *kt = rpmExpand("%{?_keyring}", NULL);

I'm a firm believer in many of kernel coding style principles, including 
naming: https://www.kernel.org/doc/html/v5.11/process/coding-style.html#naming 

It's a local temporary variable and doesn't carry any great big logic in it ... 
but making the name a *little* longer doesn't hurt and besides, you asked 
nicely :innocent:

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1575#discussion_r592231024___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

2021-03-11 Thread ニール・ゴンパ

@Conan-Kudo commented on this pull request.



> @@ -378,13 +378,18 @@ static void loadKeyring(rpmts ts)
 /* Never load the keyring if signature checking is disabled */
 if ((rpmtsVSFlags(ts) & RPMVSF_MASK_NOSIGNATURES) !=
RPMVSF_MASK_NOSIGNATURES) {
+   char *kt = rpmExpand("%{?_keyring}", NULL);

I'm not a fan of cryptic variables like `kt`, but we do this so much already... 
I debated whether I should ask to not make this worse, but ehh... In any case, 
here's a _soft_ ask to consider making this a clearer variable, but not a hard 
requirement.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1575#pullrequestreview-609564718___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

2021-03-11 Thread ニール・ゴンパ

@Conan-Kudo approved this pull request.





-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1575#pullrequestreview-609563578___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

[Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

2021-03-11 Thread Panu Matilainen

Using filesystem as keyring is an unfinished development idea from 2008
which has somehow lingered on ever after.

The fs keyring behavior has potential security problems as it allows any
package to drop in files at the keyring path, instantly becoming trusted
keys.  In some scenarios this may be a desireable feature though, and
apparently some distros (Yocto at least) actually rely on this feature.
The other issue is that the on-disk and rpmdb variants dont play well
together, in fact they dont play together at all.

The rpm keyring needs a thorough redesign but until then we dont want
to force users to adjust to something that is also destined to go away.
So in the meanwhile, let people choose with a macro which behavior they
want, using a macro seems the lowest bar to cross. Add new %_keyring
macro that accepts either `rpmdb` or `fs` values and falls back to `rpmdb`
unknown/unset values.

Fixes: #1543
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1575

-- Commit Summary --

  * Make the rpmdb keyring type macro-configurable

-- File Changes --

M lib/rpmts.c (15)
M macros.in (5)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1575.patch
https://github.com/rpm-software-management/rpm/pull/1575.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1575
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

[Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

6 matches

Site Navigation

Mail list logo

Footer information