Skip to content

Commit

Permalink
Enhance warning about RPMs that were not validate by RPM
Browse files Browse the repository at this point in the history
DNF5 informs about number of packages that signature was not
verified, but without any additional detail. The ID of repository
provides a good hint for user why the check was skipped.

Closes: #1311
  • Loading branch information
j-mracek committed Apr 29, 2024
1 parent 96ed8de commit 0efcfd9
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 3 deletions.
8 changes: 7 additions & 1 deletion libdnf5/base/transaction.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1048,6 +1048,7 @@ bool Transaction::Impl::check_gpg_signatures() {
libdnf5::rpm::RpmSignature rpm_signature(base);
std::set<std::string> processed_repos{};
int num_checks_skipped = 0;
std::set<std::string> repo_of_checks_skipped;
for (const auto & trans_pkg : packages) {
if (transaction_item_action_is_inbound(trans_pkg.get_action())) {
auto const & pkg = trans_pkg.get_package();
Expand All @@ -1060,6 +1061,7 @@ bool Transaction::Impl::check_gpg_signatures() {
auto check_result = rpm_signature.check_package_signature(pkg);
if (check_result == libdnf5::rpm::RpmSignature::CheckResult::SKIPPED) {
num_checks_skipped += 1;
repo_of_checks_skipped.insert(pkg.get_repo_id());
} else if (check_result != libdnf5::rpm::RpmSignature::CheckResult::OK) {
// these two errors are possibly recoverable by importing the correct public key
auto is_error_recoverable =
Expand Down Expand Up @@ -1098,7 +1100,11 @@ bool Transaction::Impl::check_gpg_signatures() {
}
}
if (num_checks_skipped > 0) {
auto warning_msg = utils::sformat(_("Warning: skipped PGP checks for {} package(s)."), num_checks_skipped);
auto repo_string = libdnf5::utils::string::join(repo_of_checks_skipped, ", ");
auto warning_msg = utils::sformat(
_("Warning: skipped PGP checks for {0} package(s) from {1} repository(s)."),
num_checks_skipped,
repo_string);
signature_problems.push_back(warning_msg);
}
return result;
Expand Down
3 changes: 2 additions & 1 deletion test/libdnf5/base/test_transaction.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,8 @@ void BaseTransactionTest::test_check_gpg_signatures_no_gpgcheck() {
CPPUNIT_ASSERT(transaction.check_gpg_signatures());
CPPUNIT_ASSERT_EQUAL((size_t)1, transaction.get_gpg_signature_problems().size());
CPPUNIT_ASSERT_EQUAL(
std::string("Warning: skipped PGP checks for 1 package(s)."), transaction.get_gpg_signature_problems()[0]);
std::string("Warning: skipped PGP checks for 1 package(s) from repomd-repo1 repository(s)."),
transaction.get_gpg_signature_problems()[0]);
}

void BaseTransactionTest::test_check_gpg_signatures_fail() {
Expand Down
2 changes: 1 addition & 1 deletion test/python3/libdnf5/base/test_transaction.py
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ def test_check_gpg_signatures_no_gpgcheck(self):

self.assertEqual(1, transaction.get_transaction_packages_count())
self.assertTrue(transaction.check_gpg_signatures())
self.assertEqual(('Warning: skipped PGP checks for 1 package(s).',),
self.assertEqual(('Warning: skipped PGP checks for 1 package(s) from repomd-repo1 repository(s).',),
transaction.get_gpg_signature_problems())

def test_check_gpg_signatures_fail(self):
Expand Down

0 comments on commit 0efcfd9

Please sign in to comment.