Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement merging of new key material when importing pubkeys #3083

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Implement merging of new key material when importing pubkeys #3083

wants to merge 7 commits into from
+210 −32

Conversation

mlschroe
Copy link
Contributor

@mlschroe mlschroe commented May 8, 2024

This currently only makes a difference if the "legacy" backend is used.

@mlschroe
Fix error handling in rpmtsImportPubkey
4621abc 
The call to pgpPubKeyLint() modified the rc code, which the
following code assumed to be RPMRC_FAIL.

Also, the return code of the database operation was always
overwritten with RPMRC_OK.
@mlschroe
Make subkeys available right away when a pubkey is imported
0872648 
This is useful for API users that do not re-read the keys
from the database.
@mlschroe
Split subkey initialization into its own function
5926604 
No functual changes.
@mlschroe
Add rpmKeyringModify to change the keys of a keyring
2292bb2 
This allows us to replace or delete keys from the keyring.
@mlschroe
Add a method to lookup a key from the keyring
8ac10de 
Use this method in rpmtsImportPubkey() to check if we already
have that key. This is the place where we will implement key
merging in the next commits.
@mlschroe
Support pubkey merging in the keyring code
885a3ab 
The new rpmPubkeyMerge function will merge the certificate
material of two pubkeys describing the same key.

This is currently only implemented in the "legcay" backend.
@mlschroe
Merge keys and update the database in rpmtsImportPubkey()
028d84b
@pmatilai
Copy link
Member

pmatilai commented May 8, 2024

Oh, nice. Didn't look at details yet but the functionality is pretty desperately needed indeed.
The current behavior of just bailing out if main keyid is already there predates the subkey support by many years and was only ever intended as a stop-gap behavior until something better gets done. Well, here we are, finally 👍

@nwalfield , thoughts from rpm-sequoia POV (or otherwise)?

@nwalfield
Copy link
Contributor

Oh, nice. Didn't look at details yet but the functionality is pretty desperately needed indeed. The current behavior of just bailing out if main keyid is already there predates the subkey support by many years and was only ever intended as a stop-gap behavior until something better gets done. Well, here we are, finally 👍

@nwalfield , thoughts from rpm-sequoia POV (or otherwise)?

I'll take a look the start of next week. From a very high-level perspective: yes, we want to merge certificates. So, thanks a lot for working on this @mlschroe!

@pmatilai pmatilai mentioned this pull request May 13, 2024
Open
@jan-kolarik jan-kolarik mentioned this pull request May 14, 2024
Open
@pmatilai
Copy link
Member

the "legacy" backend

@mlschroe , I didn't quite expect you to start so actively hacking on it, more like terminal care and hence the name. If you intend to continue developing it, I'm okay with renaming it to something else than "legacy". Only it can't be "internal" anymore because it's not 😅

@mlschroe
Copy link
Contributor Author

I started fixing some problems I found in the code and then got carried away...

@adrianschroeter
Copy link

maybe "pgp" would be a working name for the backend...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mlschroe @pmatilai @nwalfield @adrianschroeter