[Rpm-maint] [rpm-software-management/rpm] Check not configured keystore backends for keys (PR #3539)

[Panu Matilainen]

@pmatilai commented on this pull request.



> @@ -299,6 +299,7 @@ static void loadKeyring(rpmts ts)
 	rpmtxn txn = rpmtxnBegin(ts, RPMTXN_READ);
 	if (txn) {
 	    ts->keystore->load_keys(txn, ts->keyring);
+	    check_backends(txn, ts);

No, nak. We absolutely do not want to check for all possible backends on every single keyring load. 

Keystore changing is like this once or twice in a lifetime situation for the average user. I'm still in denial that we need such a probe feature for the keyring at all.

The rpmdb detection logic only runs if the configured db doesn't exist at all, and that's okay. Unfortunately it doesn't translate that well for the keystore - existintence can't be reliably tested, and being empty is not a sufficient reason in itself to go look elsewhere.

Like already said in the ticket/other PR once or twice: the only time we should look outside the configured keystore is when explicitly told to do so, and even that only when rebuilding the keystore. And that is something distros are expected to do on the users behalf in the default case, anything else is an advanced user case who can IMO be expected to know where they're switching from. 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3539#pullrequestreview-2575060014
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/pull/3539/review/2575060014 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20250127/34549249/attachment.htm>