From 0efcfd9a279ea5df93979947faa298faa7127779 Mon Sep 17 00:00:00 2001
From: Jaroslav Mracek <jmracek@redhat.com>
Date: Fri, 26 Apr 2024 16:23:17 +0200
Subject: [PATCH] Enhance warning about RPMs that were not validate by RPM

DNF5 informs about number of packages that signature was not
verified, but without any additional detail. The ID of repository
provides a good hint for user why the check was skipped.

Closes: https://github.com/rpm-software-management/dnf5/issues/1311
---
 libdnf5/base/transaction.cpp                  | 8 +++++++-
 test/libdnf5/base/test_transaction.cpp        | 3 ++-
 test/python3/libdnf5/base/test_transaction.py | 2 +-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/libdnf5/base/transaction.cpp b/libdnf5/base/transaction.cpp
index de83c0cb2..20c5fc664 100644
--- a/libdnf5/base/transaction.cpp
+++ b/libdnf5/base/transaction.cpp
@@ -1048,6 +1048,7 @@ bool Transaction::Impl::check_gpg_signatures() {
     libdnf5::rpm::RpmSignature rpm_signature(base);
     std::set<std::string> processed_repos{};
     int num_checks_skipped = 0;
+    std::set<std::string> repo_of_checks_skipped;
     for (const auto & trans_pkg : packages) {
         if (transaction_item_action_is_inbound(trans_pkg.get_action())) {
             auto const & pkg = trans_pkg.get_package();
@@ -1060,6 +1061,7 @@ bool Transaction::Impl::check_gpg_signatures() {
             auto check_result = rpm_signature.check_package_signature(pkg);
             if (check_result == libdnf5::rpm::RpmSignature::CheckResult::SKIPPED) {
                 num_checks_skipped += 1;
+                repo_of_checks_skipped.insert(pkg.get_repo_id());
             } else if (check_result != libdnf5::rpm::RpmSignature::CheckResult::OK) {
                 // these two errors are possibly recoverable by importing the correct public key
                 auto is_error_recoverable =
@@ -1098,7 +1100,11 @@ bool Transaction::Impl::check_gpg_signatures() {
         }
     }
     if (num_checks_skipped > 0) {
-        auto warning_msg = utils::sformat(_("Warning: skipped PGP checks for {} package(s)."), num_checks_skipped);
+        auto repo_string = libdnf5::utils::string::join(repo_of_checks_skipped, ", ");
+        auto warning_msg = utils::sformat(
+            _("Warning: skipped PGP checks for {0} package(s) from {1} repository(s)."),
+            num_checks_skipped,
+            repo_string);
         signature_problems.push_back(warning_msg);
     }
     return result;
diff --git a/test/libdnf5/base/test_transaction.cpp b/test/libdnf5/base/test_transaction.cpp
index 5e99b9c6f..867101366 100644
--- a/test/libdnf5/base/test_transaction.cpp
+++ b/test/libdnf5/base/test_transaction.cpp
@@ -38,7 +38,8 @@ void BaseTransactionTest::test_check_gpg_signatures_no_gpgcheck() {
     CPPUNIT_ASSERT(transaction.check_gpg_signatures());
     CPPUNIT_ASSERT_EQUAL((size_t)1, transaction.get_gpg_signature_problems().size());
     CPPUNIT_ASSERT_EQUAL(
-        std::string("Warning: skipped PGP checks for 1 package(s)."), transaction.get_gpg_signature_problems()[0]);
+        std::string("Warning: skipped PGP checks for 1 package(s) from repomd-repo1 repository(s)."),
+        transaction.get_gpg_signature_problems()[0]);
 }
 
 void BaseTransactionTest::test_check_gpg_signatures_fail() {
diff --git a/test/python3/libdnf5/base/test_transaction.py b/test/python3/libdnf5/base/test_transaction.py
index ca09ad741..3e0f0d43c 100644
--- a/test/python3/libdnf5/base/test_transaction.py
+++ b/test/python3/libdnf5/base/test_transaction.py
@@ -32,7 +32,7 @@ def test_check_gpg_signatures_no_gpgcheck(self):
 
         self.assertEqual(1, transaction.get_transaction_packages_count())
         self.assertTrue(transaction.check_gpg_signatures())
-        self.assertEqual(('Warning: skipped PGP checks for 1 package(s).',),
+        self.assertEqual(('Warning: skipped PGP checks for 1 package(s) from repomd-repo1 repository(s).',),
                          transaction.get_gpg_signature_problems())
 
     def test_check_gpg_signatures_fail(self):