[Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

Panu Matilainen notifications at github.com
Thu Mar 11 09:37:20 UTC 2021


Using filesystem as keyring is an unfinished development idea from 2008
which has somehow lingered on ever after.

The fs keyring behavior has potential security problems as it allows any
package to drop in files at the keyring path, instantly becoming trusted
keys.  In some scenarios this may be a desirable feature though, and
apparently some distros (Yocto at least) actually rely on this feature.
The other issue is that the on-disk and rpmdb variants don't play well
together, in fact they don't play together at all.

The rpm keyring needs a thorough redesign but until then we don't want
to force users to adjust to something that is also destined to go away.
So in the meanwhile, let people choose with a macro which behavior they
want; using a macro seems the lowest bar to cross. Add a new %_keyring
macro that accepts either `rpmdb` or `fs` values and falls back to `rpmdb`
for unknown/unset values.

Fixes: #1543
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1575

-- Commit Summary --

  * Make the rpmdb keyring type macro-configurable

-- File Changes --

    M lib/rpmts.c (15)
    M macros.in (5)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1575.patch
https://github.com/rpm-software-management/rpm/pull/1575.diff
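
An audit sketch for the risk described in the message, added here as an example and not taken from the pull request or the rpm code base: it resolves the effective `%_keyring` value with the fallback the message states and, for `fs`, reports key files in the keyring directory that are owned by an installed package. The `%_keyringpath` macro and the `*.key` file naming are assumptions about rpm's filesystem keyring that do not appear in the message; the function names and the `RPM` override variable are hypothetical.

```shell
#!/bin/sh
# Added example (not rpm project code). Assumes the filesystem keyring keeps
# its keys as "*.key" files under the directory named by %_keyringpath.
RPM="${RPM:-rpm}"   # overridable so the logic can be exercised without rpm

# Fallback as described in the message: only "fs" selects the filesystem
# keyring; unset or unknown values mean "rpmdb".
effective_keyring() {
    case "$1" in
        fs) echo fs ;;
        *)  echo rpmdb ;;
    esac
}

# List key files in keyring directory $1. A file that "rpm -qf" attributes to
# a package arrived as package payload, which is the case the message warns
# about. Unowned files (placed by hand or by a scriptlet) are listed too and
# still need review. Returns non-zero if any package-owned key was found.
audit_fs_keyring() {
    dir=$1
    flagged=0
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue          # glob matched nothing
        if owner=$("$RPM" -qf --qf '%{NAME}\n' "$f" 2>/dev/null); then
            echo "PACKAGE-OWNED $owner $f"
            flagged=$((flagged + 1))
        else
            echo "unowned $f"
        fi
    done
    [ "$flagged" -eq 0 ]
}

# Run the audit only when asked, e.g.: sh keyring-audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    kind=$(effective_keyring "$("$RPM" --eval '%{?_keyring}')")
    echo "keyring type: $kind"
    if [ "$kind" = fs ]; then
        audit_fs_keyring "$("$RPM" --eval '%{_keyringpath}')"
    fi
fi
```
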
