Commits on Oct 6, 2023

1. installFromYum: give more detailed error messages on gpg errors …

   Covers:
   1. repo_gpgcheck:
     a. wrong system clock putting gpg key creation in the future, causing a
        yum crash (nothing special happens if the date of the signature is in
        the future ¯\_(ツ)_/¯)
     b. other yum crashes due to uncaught gpg exceptions (if any)
     c. lack of repomd signature (while repo_gpgcheck is in force)
     d. signature done by other key than the one in ISO ("repomd.xml signature
        could not be verified" ¯\_(ツ)_/¯)
   2. gpgcheck:
     a. RPM signed with unknown key
     b. unsigned RPM referenced by unsigned repomd (no-repo-gpgcheck)
     c. RPM re-signed with unknown key, unsigned repomd (no-repo-gpgcheck)
     d. RPM overwritten with another RPM signed with known key (diagnosed
        through hash but, same diag as 2.c)
     e. delsigned/resigned/etc RPM, unchanged repomd (same diag as 2.c/d)
   
   Does not cover notably:
     - unsigned RPM referenced by (re)signed repomd
   
   In some cases Yum does not give an error, but dies because of an
   uncaught exception, which makes this check quite brittle, but in the
   worst case if messages change, we still fallback to the original
   "Error installing packages" message.
   
   Signed-off-by: Yann Dirson <[email protected]>

   

   ydirson committed Oct 6, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for 391e2cd
   • Browse repository at this point

   Copy the full SHA

   391e2cd View commit details

   Browse the repository at this point in the history