-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PGP: Use new librepo PGP API, remove gpgme dependency #1614
PGP: Use new librepo PGP API, remove gpgme dependency #1614
Conversation
Libdnf assumed that librepo internally uses gpgme for PGP keyring. Libdnf used the librepo keyring directly via gpgme instead of using the librepo API. It had to, the librepo API was insufficient. Librepo in version 1.15.0 extended the PGP API. This commmit uses the extended librepo PGP API and removes libdnf's dependency on gpgme. This is importand because a newer librepo may internally use a different PGP implementation than gpgme. The code was backported from libdnf5.
"rawKey" is a string in ASCII-Armor format. It makes sense to store in std::string rather than converting to vector. The code was backported from libdnf5.
d9a10dd
to
0f2183d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
5b1d034
into
rpm-software-management:dnf-4-master
Are you aware this breaks building on c9s? coreos/rpm-ostree#4545 (comment) |
??? Are you building the upstream version of libdnf against the distribution version of librepo in c9s? In commit message is: "Use new librepo PGP API" |
Yes.
I understand. My question really is: is it a goal of the dnf-4-master branch to continue building against c9s, or not? Are there plans to update librepo there? If yes, that's fine. If not, then for rpm-ostree we're in a bit of a tricky spot as we may then need to fork. But hopefully this is just a matter of updating librepo. |
Libdnf assumed that librepo internally uses gpgme for PGP keyring. Libdnf used the librepo keyring directly via gpgme instead of using the librepo API. It had to, the librepo API was insufficient.
Librepo in version 1.15.0 extended the PGP API. This commmit uses the extended librepo PGP API and removes libdnf's dependency on gpgme.
This PR is important because a newer librepo may internally use a different PGP implementation than gpgme. For example, this PR rpm-software-management/librepo#275 allows librepo to be compiled without gpgme . Instead of using gpgme, it implements its own PGP keyring and uses the encryption functions from librpm.
The code was backported from libdnf5.