-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
expired-pgp-keys: New plugin for detecting expired PGP keys #1592
base: main
Are you sure you want to change the base?
Conversation
I looked into the source code. It's a rewrite of the new "expired-gpg-keys" plugin from DNF4 to libdnf5. And here's the problem. The original plugin is in Python. It is not part of the libdnf library -> this makes it ignored by users using libdnf directly - This PR implements the The How to get out of this? |
That's a good point Jarek, I wasn't thinking about non-CLI users here. I will rework the plugin as you've suggested, thanks for that! |
2d86077
to
daa8582
Compare
Workaround for: #1192
daa8582
to
e88960d
Compare
Looking at the expiriation date will miss what I think is the more common issue just now: all the obsolete SHA1 based signatures that will fail in various other ways. Sequoia generally defers this checking to verify rather than import time, but you might want to additionally call pgpPubKeyLint() on the key material to catch at least some of those issues too. |
Based on the implementation from rpm-software-management/dnf-plugins-core#533.
Workaround for: #1192.