SET(LIBZYPP_MAJOR "17")
SET(LIBZYPP_COMPATMINOR "2")
SET(LIBZYPP_MINOR "6")
-SET(LIBZYPP_PATCH "2")
+SET(LIBZYPP_PATCH "3")
#
-# LAST RELEASED: 17.6.2 (2)
+# LAST RELEASED: 17.6.3 (2)
# (The number in parenthesis is LIBZYPP_COMPATMINOR)
#=======
%files -f zypp.lang
%defattr(-,root,root)
+%if 0%{?suse_version} >= 1500
%license COPYING
+%endif
%dir %{_sysconfdir}/zypp
%if 0%{?fedora_version} || 0%{?rhel_version} >= 600 || 0%{?centos_version} >= 600
%{_sysconfdir}/zypp/repos.d
-------------------------------------------------------------------
+Thu Aug 30 16:44:56 CEST 2018 - ma@suse.de
+
+- Check for not imported keys after multi key import from rpmdb
+ (bsc#1096217)
+- version 17.6.3 (2)
+
+-------------------------------------------------------------------
Tue Aug 21 18:46:35 CEST 2018 - ma@suse.de
- fixup! Add filesize check for downloads with known size (bsc#408814)
return false;
}
+ void KeyRingReport::reportNonImportedKeys(const std::set<Edition> &keys_r)
+ {
+ UserData data(KEYS_NOT_IMPORTED_REPORT);
+ data.set("Keys", keys_r);
+ report(data);
+ }
+
namespace
{
///////////////////////////////////////////////////////////////////
KEY_TRUST_AND_IMPORT
};
- constexpr static const char * ACCEPT_PACKAGE_KEY_REQUEST = "KeyRingReport/AcceptPackageKey";
-
/**
* Ask user to trust and/or import the key to trusted keyring.
* \see KeyTrust
* Ask user to trust and/or import the package key to trusted keyring, using ReportBase::report
*
* The UserData object will have the following fields:
+ * UserData::type \ref ACCEPT_PACKAGE_KEY_REQUEST
* "PublicKey" The PublicKey to be accepted
* "KeyContext" The KeyContext
*
*
*/
bool askUserToAcceptPackageKey( const PublicKey &key_r, const KeyContext &keycontext_r = KeyContext() );
+ /** \relates askUserToAcceptPackageKey generic reports UserData::type */
+ constexpr static const char * ACCEPT_PACKAGE_KEY_REQUEST = "KeyRingReport/AcceptPackageKey";
+
+ /**
+ * Notify the user about keys that were not imported from the
+ * rpm key database into zypp keyring
+ *
+ * The UserData object will have the following fields:
+ * UserData::type \ref KEYS_NOT_IMPORTED_REPORT
+ * std::set<Edition> "Keys" set of keys that were not imported
+ *
+ */
+ void reportNonImportedKeys( const std::set<Edition> &keys_r );
+ /** \relates reportNonImportedKeys generic reports UserData::type */
+ constexpr static const char *KEYS_NOT_IMPORTED_REPORT = "KeyRingReport/KeysNotImported";
};
{ return makeIterable( &(*_pimpl->_subkeys.begin()), &(*_pimpl->_subkeys.end()) ); }
bool PublicKeyData::providesKey( const std::string & id_r ) const
- { return( id_r == _pimpl->_id || _pimpl->hasSubkeyId( id_r ) ); }
+ {
+ if ( id_r.size() == 8 ) // as a convenience allow to test the 8byte short ID rpm uses as gpg-pubkey version
+ return str::endsWithCI( _pimpl->_id, id_r );
+ return( id_r == _pimpl->_id || _pimpl->hasSubkeyId( id_r ) );
+ }
PublicKeyData::AsciiArt PublicKeyData::asciiArt() const
{ return AsciiArt( fingerprint() /* TODO: key algorithm could be added as top tile. */ ); }
try
{
getZYpp()->keyRing()->multiKeyImport( tmpfile.path(), true /*trusted*/);
+ // bsc#1096217: Try to spot and report legacy V3 keys found in the rpm database.
+ // Modern rpm does not import those keys, but when migrating a pre SLE12 system
+ // we may find them. rpm>4.13 even complains on sderr if sucha key is present.
+ std::set<Edition> missingKeys;
+ for ( const Edition & key : rpmKeys )
+ {
+ if ( getZYpp()->keyRing()->isKeyTrusted( key.version() ) ) // key.version is the gpgkeys short ID
+ continue;
+ ERR << "Could not import key:" << str::Format("gpg-pubkey-%s") % key << " into zypp keyring (V3 key?)" << endl;
+ missingKeys.insert( key );
+ }
+ if ( ! missingKeys.empty() )
+ callback::SendReport<KeyRingReport>()->reportNonImportedKeys(missingKeys);
}
catch (Exception &e)
{
- ERR << "Could not import keys into in zypp keyring" << endl;
+ ERR << "Could not import keys into zypp keyring" << endl;
}
}
projects / platform / upstream / libzypp.git / commitdiff