expired-gpg-keys: new plugin to detect expired GPG keys #533
Conversation
|
The implementation is of course not great (not using logger, not using |
|
Hi and thanks a lot for working on this! I'm planning to dig into it this week. Additionally, some related work appeared recently on the RPM side (link), so I'll also check that one as it might significantly affect the current situation of handling expired keys. |
|
Hello @jan-kolarik, I am glad to hear that.
I noticed the RPM PR just a couple of minutes after proposing this plugin, and at first, I was mad at myself because I thought this plugin was a wasted effort. But I don't think so anymore. I suppose the RPM change won't land into any currently stable Fedora version but rather only in something like F41+? That's just my unsubstantiated assumption, we should get the correct information on this. But if true, any DNF fix based on the new RPM code won't be available to the users for many months. So maybe having this workaround will be useful in the meantime, what do you think?
Feel free to take the code from this PR and make it production-ready. Edit: I sent you an invite to be a collaborator to my dnf-plugins-core repository, so you can push directly to this PR if you want to. |
| """ | ||
| Is the GPG key expired? | ||
| """ | ||
| days = 365 * 5 - 30 |
There was a problem hiding this comment.
This would be much more convenient:
$ rpm -q gpg-pubkey-8ddfd64b-65de01d8 --qf '%{DESCRIPTION}' | gpg --show-keys --with-colon | head -1 | cut -d: -f 7
1866728280
$ date --date @1866728280
Ne 25. února 2029, 16:38:00 CET
I think that we can expect gpg exists everywhere, or simply error out and claiming user should install it.
|
I'll check back probably next week. For now, I can say this seems to be the direction we want to take, but we need to agree on it as a team and decide whether to implement it as core functionality or leave it as a plugin. |
|
Following-up on the comment from the dnf5 issue, we are planning to start integrating the work based on this PR into dnf4 and dnf5, probably during the next sprint (next week). |
|
Perfect, I am glad to hear that @jan-kolarik. Please close the PR once it is no longer relevant. |
Workaround for: rpm-software-management/dnf#2075