doc: Use OpenPGP instead of PGP #1931

Merged
merged 2 commits into from
Dec 5, 2024
Merged
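--- a/dnf5-plugins/reposync_plugin/reposync.cpp
+++ b/dnf5-plugins/reposync_plugin/reposync.cpp
@@ -318,7 +318,7 @@ bool ReposyncCommand::pgp_check_packages(const download_list_type & pkg_list) {
 auto check_result = rpm_signature.check_package_signature(pth);
 if (check_result != libdnf5::rpm::RpmSignature::CheckResult::OK) {
 std::cerr << libdnf5::utils::sformat(
-_("Removing '{}' with failing PGP check: {}"),
+_("Removing '{}' with failing OpenPGP check: {}"),
 pth.string(),
 rpm_signature.check_result_to_string(check_result))
 << std::endl;
@@ -407,7 +407,7 @@ void ReposyncCommand::run() {
 }
 if (gpgcheck_option->get_value()) {
 if (!pgp_check_packages(pkg_list)) {
-throw libdnf5::cli::CommandExitError(1, M_("PGP signature check failed"));
+throw libdnf5::cli::CommandExitError(1, M_("OpenPGP signature check failed"));
 }
 }
 }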
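Review bot: Nothing in the visible part of `pgp_check_packages` or of `run()` tells the user when a downloaded package was not checked at all, although doc/dnf5_plugins/reposync.8.rst in this change states that packages from repositories with `gpgcheck=0` are not checked even with `--gpgcheck`. If that skip is decided in this function, a warning such as `_("Skipping OpenPGP check for packages from repository '{}'")` would keep an exit code of 0 from being read as "everything was verified". Both functions continue outside their hunks, so the skip may already be reported there.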
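--- a/dnf5/commands/offline/offline.cpp
+++ b/dnf5/commands/offline/offline.cpp
@@ -384,7 +384,7 @@ void OfflineExecuteCommand::pre_configure() {
 // Additional removal could trigger unwanted changes in transaction.
 ctx.get_base().get_config().get_clean_requirements_on_remove_option().set(false);
 ctx.get_base().get_config().get_install_weak_deps_option().set(false);
-// Disable gpgcheck entirely, since PGP integrity will have already been
+// Disable gpgcheck entirely, since OpenPGP integrity will have already been
 // checked when the transaction was prepared and serialized. This way, we
 // don't need to keep track of which packages need to be gpgchecked.
 ctx.get_base().get_config().get_pkg_gpgcheck_option().set(false);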
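Review bot: The comment above `get_pkg_gpgcheck_option().set(false)` justifies switching signature checking off by the check done at prepare time, but it leaves out the assumption that makes this safe: the stored packages and the serialized transaction must not be alterable between preparation and execution. I would add that to the comment, for example `// This relies on the offline transaction directory being writable only by root.`, with the wording confirmed against how that directory is actually created, which this hunk does not show. pre_configure() starts and ends outside the hunk.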
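--- a/dnf5/context.cpp
+++ b/dnf5/context.cpp
@@ -70,7 +70,7 @@ class KeyImportRepoCB : public libdnf5::repo::RepoCallbacks {
 return false;
 }
 
-std::cerr << libdnf5::utils::sformat(_("Importing PGP key 0x{}:\n"), key_info.get_short_key_id());
+std::cerr << libdnf5::utils::sformat(_("Importing OpenPGP key 0x{}:\n"), key_info.get_short_key_id());
 for (auto & user_id : key_info.get_user_ids()) {
 std::cerr << libdnf5::utils::sformat(_(" UserID : \"{}\"\n"), user_id);
 }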
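Review bot: The loop after the changed line writes each `user_id` of the key to stderr unmodified, and user IDs are free-form text from a key file that has not been trusted yet. A user ID containing control characters or newlines can therefore change what the operator sees while deciding on the import; replacing non-printable bytes before printing (a small helper applied to `user_id` here) would close that. The same raw print of `user_id` appears in `DownloadCB::key_import` in dnf5daemon-client/callbacks.cpp. The heading also shows only `get_short_key_id()`, so the decision should rest on the fingerprint, which is presumably printed further down, outside this hunk.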
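--- a/dnf5/main.cpp
+++ b/dnf5/main.cpp
@@ -414,7 +414,7 @@ void RootCommand::set_argument_parser() {
 
 auto no_gpgchecks = parser.add_new_named_arg("no-gpgchecks");
 no_gpgchecks->set_long_name("no-gpgchecks");
-no_gpgchecks->set_description(_("disable PGP signature checking (if RPM policy allows)"));
+no_gpgchecks->set_description(_("disable OpenPGP signature checking (if RPM policy allows)"));
 no_gpgchecks->set_parse_hook_func([&ctx](
 [[maybe_unused]] ArgumentParser::NamedArg * arg,
 [[maybe_unused]] const char * option,
@@ -1459,9 +1459,9 @@ int main(int argc, char * argv[]) try {
 } else {
 for (const auto & tsflag : base.get_config().get_tsflags_option().get_value()) {
 if (tsflag == "test") {
-context.print_error(
-_("Test mode enabled: Only package downloads, PGP key installations and transaction "
-"checks will be performed."));
+context.print_error(_(
+"Test mode enabled: Only package downloads, OpenPGP key installations and transaction "
+"checks will be performed."));
 }
 }
 }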
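Review bot: The help text for `--no-gpgchecks` in the first hunk says only "disable OpenPGP signature checking", while doc/dnf5.8.rst in the same change describes the option as skipping checks "on packages"; the two should agree so that a user can tell whether repository metadata checks are affected as well. If the man page is accurate, `_("disable OpenPGP signature checking on packages (if RPM policy allows)")` would do. What the parse hook actually switches off lies outside this hunk, so the wording needs confirming against it.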
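--- a/dnf5daemon-client/callbacks.cpp
+++ b/dnf5daemon-client/callbacks.cpp
@@ -216,7 +216,7 @@ void DownloadCB::key_import(sdbus::Signal & signal) {
 std::string url;
 signal >> key_id >> user_ids >> fingerprint >> url;
 
-std::cerr << std::endl << "Importing PGP key 0x" + key_id << ":\n";
+std::cerr << std::endl << "Importing OpenPGP key 0x" + key_id << ":\n";
 for (auto & user_id : user_ids) {
 std::cerr << " Userid : \"" + user_id << "\"\n";
 }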
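Review bot: The changed message is a bare string literal, whereas the matching prompt in dnf5/context.cpp goes through `_()` and `sformat`, so this client shows the key-import prompt untranslated; the label is also spelled `Userid` here and `UserID` there. If gettext and `sformat` are available to the daemon client, `std::cerr << std::endl << libdnf5::utils::sformat(_("Importing OpenPGP key 0x{}:\n"), key_id);` would bring the two prompts in line. key_import() continues outside the hunk.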
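--- a/dnf5daemon-server/dbus/interfaces/org.rpm.dnf.v0.Base.xml
+++ b/dnf5daemon-server/dbus/interfaces/org.rpm.dnf.v0.Base.xml
@@ -131,10 +131,10 @@ along with libdnf. If not, see <https://www.gnu.org/licenses/>.
 <!--
 repo_key_import_request:
 @session_object_path: object path of the dnf5daemon session
-@key_id: PGP key id
+@key_id: OpenPGP key id
 @user_ids: User id
-@key_fingerprint: Fingerprint of the PGP key
-@key_url: URL of the PGP key
+@key_fingerprint: Fingerprint of the OpenPGP key
+@key_url: URL of the OpenPGP key
 @timestamp: timestamp when the key was created
 
 Request for repository key import confirmation.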
Expand Up @@ -53,7 +53,7 @@ along with libdnf. If not, see <https://www.gnu.org/licenses/>.
@key_id: id of the key in question
@confirmed: whether the key import is confirmed by user

Confirm repository PGP key import.
Confirm repository OpenPGP key import.
-->
<method name="confirm_key">
<arg name="key_id" type="s" direction="in"/>
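--- a/dnf5daemon-server/services/repo/repo.cpp
+++ b/dnf5daemon-server/services/repo/repo.cpp
@@ -180,7 +180,7 @@ dnfdaemon::KeyValueMap repo_to_map(
 dbus_repo.emplace(attr, libdnf_repo->get_config().get_skip_if_unavailable_option().get_value());
 break;
 
-// pgp
+// OpenPGP
 case RepoAttribute::gpgkey:
 dbus_repo.emplace(attr, libdnf_repo->get_config().get_gpgkey_option().get_value());
 break;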
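--- a/doc/dnf5.8.rst
+++ b/doc/dnf5.8.rst
@@ -264,7 +264,7 @@ Following options are applicable in the general context for any ``dnf5`` command
 | It sets the ``RPMTRANS_FLAG_NODOCS`` flag.
 
 ``--no-gpgchecks``
-| Skip checking PGP signatures on packages (if ``RPM`` policy allows that).
+| Skip checking OpenPGP signatures on packages (if ``RPM`` policy allows that).
 
 ``--no-plugins``
 | Disable all libdnf5 plugins.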
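--- a/doc/dnf5.conf-todo.5.rst
+++ b/doc/dnf5.conf-todo.5.rst
@@ -94,7 +94,7 @@ This section does not track any deprecated option. For such options see :ref:`De
 ``gpgkey_dns_verification``
 :ref:`boolean <boolean-label>`
 
-If enabled, DNF5 will attempt to automatically verify PGP verification keys using the DNS
+If enabled, DNF5 will attempt to automatically verify OpenPGP verification keys using the DNS
 system.
 
 This option requires the unbound python module (python3-unbound) to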
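--- a/doc/dnf5.conf.5.rst
+++ b/doc/dnf5.conf.5.rst
@@ -564,7 +564,7 @@ repository configuration file should aside from repo ID consists of baseurl, met
 ``_RPMVSF_NODIGESTS`` VS flags.
 
 The ``test`` option provides a transaction check without performing the transaction.
-It includes downloading of packages, PGP keys check (including permanent import of
+It includes downloading of packages, OpenPGP keys check (including permanent import of
 additional keys if necessary), and rpm check to prevent file conflicts.
 
 The ``nocaps`` is supported with rpm-4.14 or later. When ``nocaps`` is used but rpm
@@ -724,7 +724,7 @@ Repo Options
 ``gpgkey``
 :ref:`list <list-label>`
 
-URLs of a PGP key files that can be used for signing metadata and packages
+URLs of a OpenPGP key files that can be used for signing metadata and packages
 of this repository. If a file can not be verified using
 the already imported keys, import of keys from this option is attempted and
 the keys are then used for verification.
@@ -981,7 +981,7 @@ configuration.
 ``pkg_gpgcheck``
 :ref:`boolean <boolean-label>`
 
-Whether to perform PGP signature check on packages found in this repository.
+Whether to perform OpenPGP signature check on packages found in this repository.
 
 The default is False.
 
@@ -1023,7 +1023,7 @@ configuration.
 ``localpkg_gpgcheck``
 :ref:`boolean <boolean-label>`
 
-If enabled, DNF5 will perform a PGP signature check on local packages (packages in a file, not in a repository).
+If enabled, DNF5 will perform a OpenPGP signature check on local packages (packages in a file, not in a repository).
 
 Default: ``False``.
 
@@ -1172,11 +1172,11 @@ configuration.
 ``repo_gpgcheck``
 :ref:`boolean <boolean-label>`
 
-If enabled, DNF5 will perform PGP signature check on this repository's metadata.
+If enabled, DNF5 will perform OpenPGP signature check on this repository's metadata.
 
 
 .. NOTE::
-PGP keys for this check are stored separately from PGP keys used in package signature
+OpenPGP keys for this check are stored separately from OpenPGP keys used in package signature
 verification. Furthermore, they are also stored separately for each repository.
 
 This means that DNF5 may ask to import the same key multiple times. For example, when a key was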
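--- a/doc/dnf5_plugins/reposync.8.rst
+++ b/doc/dnf5_plugins/reposync.8.rst
@@ -60,10 +60,10 @@ Options
 Otherwise, DNF will encounter errors when attempting to install older packages.
 
 ``--gpgcheck, -g``
-Remove packages that fail PGP signature verification after downloading. The
+Remove packages that fail OpenPGP signature verification after downloading. The
 command exits with a code of ``1`` if at least one package is removed.
 
-Note: For repositories configured with ``gpgcheck=0``, PGP signatures are not
+Note: For repositories configured with ``gpgcheck=0``, OpenPGP signatures are not
 checked, even when this option is used.
 
 ``--metadata-path=<path>``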
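--- a/doc/dnf5_workflow.rst
+++ b/doc/dnf5_workflow.rst
@@ -42,8 +42,8 @@ Typical DNF5 workflow consists of:
 #. load metadata from cache if valid
 #. try to reuse root's cache
 #. metadata download
-#. metadata PGP check
-#. if required import repository PGP keys and try again
+#. metadata OpenPGP check
+#. if required import repository OpenPGP keys and try again
 #. libdnf5 plugin ``repos_loaded`` hook
 #. run command specific ``load_additional_packages`` step
 #. run command specific ``run`` step
@@ -56,7 +56,7 @@ Typical DNF5 workflow consists of:
 #. print transaction table
 #. check for user approval
 #. download inbound transaction packages
-#. check PGP signatures for inbound transaction packages
+#. check OpenPGP signatures for inbound transaction packages
 #. lock transaction ``libdnf5::utils::Locker``
 #. create rpm transaction
 #. run rpm test transaction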
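--- a/doc/misc/installroot.7.rst
+++ b/doc/misc/installroot.7.rst
@@ -31,7 +31,7 @@ relative to where all packages will be installed. Think of it like doing
 before the chroot is created.
 
 `cachedir`, `system_cachedir`, `log` files, `releasever`, and `gpgkey` are
-taken from or stored in the installroot. PGP keys are imported into the
+taken from or stored in the installroot. OpenPGP keys are imported into the
 installroot from a path relative to the host which can be specified in the
 repository section of configuration files.
 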
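--- a/include/libdnf5/repo/repo_callbacks.hpp
+++ b/include/libdnf5/repo/repo_callbacks.hpp
@@ -44,7 +44,7 @@ class LIBDNF_API RepoCallbacks {
 RepoCallbacks & operator=(const RepoCallbacks &) = delete;
 RepoCallbacks & operator=(RepoCallbacks &&) = delete;
 
-/// PGP key import callback. Allows to confirm or deny the import.
+/// OpenPGP key import callback. Allows to confirm or deny the import.
 /// @param key_info The key that is about to be imported
 /// @return `true` to import the key, `false` to not import
 virtual bool repokey_import(const libdnf5::rpm::KeyInfo & key_info);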
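Review bot: The doc comment on `repokey_import` explains what the return value means but not what the base-class implementation returns, and that default decides whether an application that does not override the callback imports repository keys without asking anyone. I would add a line such as `/// The default implementation returns <value>; override it to ask the user.`, with the value taken from the definition, which is not visible here. The class body continues outside the hunk.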
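--- a/include/libdnf5/rpm/rpm_signature.hpp
+++ b/include/libdnf5/rpm/rpm_signature.hpp
@@ -119,7 +119,7 @@ class LIBDNF_API RpmSignature {
 CheckResult check_package_signature(const std::string & path) const;
 
 /// Import public key into rpm database.
-/// @param key: PGP key to be imported into rpm database.
+/// @param key: OpenPGP key to be imported into rpm database.
 bool import_key(const KeyInfo & key) const;
 
 /// Check public key presence in rpm database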
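Review bot: `import_key` returns `bool`, but its comment documents only the parameter, so a caller cannot tell from the header whether `false` means that the import failed or that the key was already present. A `/// @return` line spelling out both outcomes would settle that; the exact wording has to come from the implementation, which this hunk does not show. The class continues outside the hunk.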
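--- a/libdnf5-cli/output/repo_info.cpp
+++ b/libdnf5-cli/output/repo_info.cpp
@@ -113,8 +113,8 @@ void RepoInfo::Impl::add_repo(IRepoInfo & repo) {
 add_line("Mirrorlist", mirrorlist, nullptr, group_urls);
 }
 
-// PGP
-auto group_gpg = add_line("PGP", "", nullptr);
+// OpenPGP
+auto group_gpg = add_line("OpenPGP", "", nullptr);
 
 auto gpg_keys = repo.get_gpgkey();
 if (!gpg_keys.empty()) {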
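--- a/libdnf5/base/transaction.cpp
+++ b/libdnf5/base/transaction.cpp
@@ -86,7 +86,7 @@ const std::map<base::Transaction::TransactionRunResult, BgettextMessage> TRANSAC
 };
 
 const std::map<base::ImportRepoKeysResult, BgettextMessage> IMPORT_REPO_KEYS_RESULT_DICT = {
-{base::ImportRepoKeysResult::NO_KEYS, M_("The repository does not have any PGP keys configured.")},
+{base::ImportRepoKeysResult::NO_KEYS, M_("The repository does not have any OpenPGP keys configured.")},
 {base::ImportRepoKeysResult::ALREADY_PRESENT, M_("Public key is not installed.")},
 {base::ImportRepoKeysResult::IMPORT_DECLINED, M_("Canceled by the user.")},
 {base::ImportRepoKeysResult::IMPORT_FAILED, M_("Public key import failed.")},
@@ -1369,7 +1369,7 @@ bool Transaction::Impl::check_gpg_signatures() {
 auto const & pkg = trans_pkg.get_package();
 auto repo = pkg.get_repo();
 auto err_msg = utils::sformat(
-_("PGP check for package \"{}\" ({}) from repo \"{}\" has failed: "),
+_("OpenPGP check for package \"{}\" ({}) from repo \"{}\" has failed: "),
 pkg.get_nevra(),
 pkg.get_package_path(),
 repo->get_id());
@@ -1419,11 +1419,11 @@ bool Transaction::Impl::check_gpg_signatures() {
 repos_with_skipped_checks, C_("It is a joining character for repositories IDs", ", "));
 auto warning_msg = utils::sformat(
 (repos_with_skipped_checks.size() == 1)
-? P_("Warning: skipped PGP checks for {0} package from repository: {1}",
-"Warning: skipped PGP checks for {0} packages from repository: {1}",
+? P_("Warning: skipped OpenPGP checks for {0} package from repository: {1}",
+"Warning: skipped OpenPGP checks for {0} packages from repository: {1}",
 num_checks_skipped)
-: P_("Warning: skipped PGP checks for {0} package from repositories: {1}",
-"Warning: skipped PGP checks for {0} packages from repositories: {1}",
+: P_("Warning: skipped OpenPGP checks for {0} package from repositories: {1}",
+"Warning: skipped OpenPGP checks for {0} packages from repositories: {1}",
 num_checks_skipped),
 num_checks_skipped,
 repo_string);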
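Review bot: In the first hunk, `IMPORT_REPO_KEYS_RESULT_DICT` maps `ImportRepoKeysResult::ALREADY_PRESENT` to the message "Public key is not installed.", which reads as the opposite of the enumerator's name. If this is intended (for instance, the repository's keys are already imported but none of them matches the signature), a short comment on that entry would keep the next reader from taking it for a mistake; if not, the text needs correcting. This commit already rewords the entry next to it, so it is a natural place to settle the question. The map ends outside the hunk.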
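--- a/libdnf5/repo/repo_pgp.cpp
+++ b/libdnf5/repo/repo_pgp.cpp
@@ -57,13 +57,13 @@ std::vector<Key> RepoPgp::rawkey2infos(int fd, const std::string & url, const st
 
 GError * err = NULL;
 if (!lr_gpg_import_key_from_fd(fd, tmpdir.get_path().c_str(), &err)) {
-throw_repo_pgp_error(M_("Failed to import pgp keys into temporary keyring: {}"), err);
+throw_repo_pgp_error(M_("Failed to import OpenPGP keys into temporary keyring: {}"), err);
 }
 
 std::unique_ptr<LrGpgKey, decltype(&lr_gpg_keys_free)> lr_keys{
 lr_gpg_list_keys(TRUE, tmpdir.get_path().c_str(), &err), &lr_gpg_keys_free};
 if (err) {
-throw_repo_pgp_error(M_("Failed to list pgp keys: {}"), err);
+throw_repo_pgp_error(M_("Failed to list OpenPGP keys: {}"), err);
 }
 
 for (const auto * lr_key = lr_keys.get(); lr_key; lr_key = lr_gpg_key_get_next(lr_key)) {
@@ -90,7 +90,7 @@ std::vector<std::string> RepoPgp::load_keys_ids_from_keyring() {
 std::unique_ptr<LrGpgKey, decltype(&lr_gpg_keys_free)> lr_keys{
 lr_gpg_list_keys(FALSE, keyring_dir.c_str(), &err), &lr_gpg_keys_free};
 if (err) {
-throw_repo_pgp_error(M_("Failed to list pgp keys: {}"), err);
+throw_repo_pgp_error(M_("Failed to list OpenPGP keys: {}"), err);
 }
 
 for (const auto * lr_key = lr_keys.get(); lr_key; lr_key = lr_gpg_key_get_next(lr_key)) {
@@ -120,7 +120,8 @@ void RepoPgp::import_key(int fd, const std::string & url) {
 auto known_keys = load_keys_ids_from_keyring();
 for (auto & key_info : key_infos) {
 if (std::find(known_keys.begin(), known_keys.end(), key_info.get_key_id()) != known_keys.end()) {
-logger.debug("Pgp key 0x{} for repository {} already imported.", key_info.get_key_id(), config.get_id());
+logger.debug(
+"OpenPGP key 0x{} for repository {} already imported.", key_info.get_key_id(), config.get_id());
 continue;
 }
 
@@ -137,13 +138,13 @@ void RepoPgp::import_key(int fd, const std::string & url) {
 GError * err = NULL;
 if (!lr_gpg_import_key_from_memory(
 key_info.get_raw_key().c_str(), key_info.get_raw_key().size(), keyring_dir.c_str(), &err)) {
-throw_repo_pgp_error(M_("Failed to import pgp keys: {}"), err);
+throw_repo_pgp_error(M_("Failed to import OpenPGP keys: {}"), err);
 }
 
 if (callbacks) {
 callbacks->repokey_imported(key_info);
 }
-logger.debug("Imported pgp key 0x{} for repository {}.", key_info.get_key_id(), config.get_id());
+logger.debug("Imported OpenPGP key 0x{} for repository {}.", key_info.get_key_id(), config.get_id());
 }
 }
 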
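Review bot: In `RepoPgp::import_key` the test for an already imported key compares `key_info.get_key_id()` with the IDs returned by `load_keys_ids_from_keyring()`, so the decision rests on the key ID rather than on the full fingerprint. Two different keys can share a key ID, in which case a new key would be logged as already imported and skipped; comparing fingerprints, if the keyring listing can provide them, removes that ambiguity. Separately, the hunks keep `GError * err = NULL;` where `nullptr` is the C++ spelling. All of the functions shown start or end outside their hunks.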
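--- a/libdnf5/repo/repo_pgp.hpp
+++ b/libdnf5/repo/repo_pgp.hpp
@@ -40,8 +40,8 @@ class Key : public libdnf5::rpm::KeyInfo {
 Key(const LrGpgKey * key, const LrGpgSubkey * subkey, const std::string & url, const std::string & path);
 };
 
-/// Wraps pgp in a higher-level interface.
-/// @exception RepoPgpError (public) Thrown on any pgp-related error.
+/// Wraps OpenPGP in a higher-level interface.
+/// @exception RepoPgpError (public) Thrown on any OpenPGP-related error.
 class RepoPgp {
 public:
 RepoPgp(const BaseWeakPtr & base, const ConfigRepo & config);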
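--- a/libdnf5/rpm/rpm_signature.cpp
+++ b/libdnf5/rpm/rpm_signature.cpp
@@ -253,7 +253,7 @@ RpmSignature::CheckResult RpmSignature::check_package_signature(const std::strin
 }
 
 RpmSignature::CheckResult RpmSignature::check_package_signature(const rpm::Package & pkg) const {
-// is package PGP check even required?
+// is package OpenPGP check even required?
 auto repo = pkg.get_repo();
 if (repo->get_type() == libdnf5::repo::Repo::Type::COMMANDLINE) {
 if (!p_impl->base->get_config().get_localpkg_gpgcheck_option().get_value()) {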
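--- a/test/libdnf5/base/test_transaction.cpp
+++ b/test/libdnf5/base/test_transaction.cpp
@@ -38,7 +38,7 @@ void BaseTransactionTest::test_check_gpg_signatures_no_gpgcheck() {
 CPPUNIT_ASSERT(transaction.check_gpg_signatures());
 CPPUNIT_ASSERT_EQUAL((size_t)1, transaction.get_gpg_signature_problems().size());
 CPPUNIT_ASSERT_EQUAL(
-std::string("Warning: skipped PGP checks for 1 package from repository: repomd-repo1"),
+std::string("Warning: skipped OpenPGP checks for 1 package from repository: repomd-repo1"),
 transaction.get_gpg_signature_problems()[0]);
 }
 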
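--- a/test/python3/libdnf5/base/test_transaction.py
+++ b/test/python3/libdnf5/base/test_transaction.py
@@ -32,7 +32,7 @@ def test_check_gpg_signatures_no_gpgcheck(self):
 
 self.assertEqual(1, transaction.get_transaction_packages_count())
 self.assertTrue(transaction.check_gpg_signatures())
-self.assertEqual(('Warning: skipped PGP checks for 1 package from repository: repomd-repo1',),
+self.assertEqual(('Warning: skipped OpenPGP checks for 1 package from repository: repomd-repo1',),
 transaction.get_gpg_signature_problems())
 
 def test_check_gpg_signatures_fail(self):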