[Rpm-maint] [rpm-software-management/rpm] Ignore NOTTRUSTED results in verification (PR #4020)
Jakub Jelen
notifications at github.com
Fri Nov 7 15:37:29 UTC 2025
@Jakuje commented on this pull request.
> +runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm
+],
+[0],
+[/tmp/hello-2.0-1.x86_64.rpm:
+ Header OpenPGP V4 ECDSA/SHA512 signature, key fingerprint: e8a62c0512b06b5d2183ba207f1c21f95f65bbe8: OK
+ Header OpenPGP V4 EdDSA/SHA512 signature, key fingerprint: 152bb32fd9ca982797e835cfb0645aec757bf69e: OK
+ Header OpenPGP V4 RSA/SHA512 signature, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: NOTTRUSTED
+ Header SHA256 digest: OK
+ Payload SHA256 digest: OK
+],
+[ignore])
+
+# EDDSA disabled
+RPMTEST_CHECK([
+runroot cp -f /tmp/rpm-sequoia.config /etc/crypto-policies/back-ends/
+runroot sed -i '/^cv25519/s/always/never/g' /etc/crypto-policies/back-ends/rpm-sequoia.config
Interesting. I think we should go through the following code path though:
```
(PublicKeyAlgorithm::Ed25519, _) => AsymmetricAlgorithm::Ed25519,
```
but I would have to dig deeper into what names are used in OpenPGP and Sequoia.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/4020#discussion_r2504187809
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/4020/review/3434719918 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20251107/0de88af0/attachment-0001.htm>
More information about the Rpm-maint
mailing list