Enhance warning about RPMs that were not validate by RPM

DNF5 informs about number of packages that signature was not verified, but without any additional detail. The ID of repository provides a good hint for user why the check was skipped. Closes: #1311
rpm-software-management · Apr 29, 2024 · 0efcfd9 · 0efcfd9
1 parent 96ed8de
commit 0efcfd9
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 3 deletions.
diff --git a/libdnf5/base/transaction.cpp b/libdnf5/base/transaction.cpp
@@ -1048,6 +1048,7 @@ bool Transaction::Impl::check_gpg_signatures() {
     libdnf5::rpm::RpmSignature rpm_signature(base);
     std::set<std::string> processed_repos{};
     int num_checks_skipped = 0;
+    std::set<std::string> repo_of_checks_skipped;
     for (const auto & trans_pkg : packages) {
         if (transaction_item_action_is_inbound(trans_pkg.get_action())) {
             auto const & pkg = trans_pkg.get_package();
@@ -1060,6 +1061,7 @@ bool Transaction::Impl::check_gpg_signatures() {
             auto check_result = rpm_signature.check_package_signature(pkg);
             if (check_result == libdnf5::rpm::RpmSignature::CheckResult::SKIPPED) {
                 num_checks_skipped += 1;
+                repo_of_checks_skipped.insert(pkg.get_repo_id());
             } else if (check_result != libdnf5::rpm::RpmSignature::CheckResult::OK) {
                 // these two errors are possibly recoverable by importing the correct public key
                 auto is_error_recoverable =
@@ -1098,7 +1100,11 @@ bool Transaction::Impl::check_gpg_signatures() {
         }
     }
     if (num_checks_skipped > 0) {
-        auto warning_msg = utils::sformat(_("Warning: skipped PGP checks for {} package(s)."), num_checks_skipped);
+        auto repo_string = libdnf5::utils::string::join(repo_of_checks_skipped, ", ");
+        auto warning_msg = utils::sformat(
+            _("Warning: skipped PGP checks for {0} package(s) from {1} repository(s)."),
+            num_checks_skipped,
+            repo_string);
         signature_problems.push_back(warning_msg);
     }
     return result;

diff --git a/test/libdnf5/base/test_transaction.cpp b/test/libdnf5/base/test_transaction.cpp
@@ -38,7 +38,8 @@ void BaseTransactionTest::test_check_gpg_signatures_no_gpgcheck() {
     CPPUNIT_ASSERT(transaction.check_gpg_signatures());
     CPPUNIT_ASSERT_EQUAL((size_t)1, transaction.get_gpg_signature_problems().size());
     CPPUNIT_ASSERT_EQUAL(
-        std::string("Warning: skipped PGP checks for 1 package(s)."), transaction.get_gpg_signature_problems()[0]);
+        std::string("Warning: skipped PGP checks for 1 package(s) from repomd-repo1 repository(s)."),
+        transaction.get_gpg_signature_problems()[0]);
 }
 
 void BaseTransactionTest::test_check_gpg_signatures_fail() {

diff --git a/test/python3/libdnf5/base/test_transaction.py b/test/python3/libdnf5/base/test_transaction.py
@@ -32,7 +32,7 @@ def test_check_gpg_signatures_no_gpgcheck(self):
 
         self.assertEqual(1, transaction.get_transaction_packages_count())
         self.assertTrue(transaction.check_gpg_signatures())
-        self.assertEqual(('Warning: skipped PGP checks for 1 package(s).',),
+        self.assertEqual(('Warning: skipped PGP checks for 1 package(s) from repomd-repo1 repository(s).',),
                          transaction.get_gpg_signature_problems())
 
     def test_check_gpg_signatures_fail(self):