[Rpm-maint] [rpm-software-management/rpm] Ignore NOTTRUSTED results in verification (PR #4020)

[Jakub Jelen]

@Jakuje commented on this pull request.



> +runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm
+],
+[0],
+[/tmp/hello-2.0-1.x86_64.rpm:
+    Header OpenPGP V4 ECDSA/SHA512 signature, key fingerprint: e8a62c0512b06b5d2183ba207f1c21f95f65bbe8: OK
+    Header OpenPGP V4 EdDSA/SHA512 signature, key fingerprint: 152bb32fd9ca982797e835cfb0645aec757bf69e: OK
+    Header OpenPGP V4 RSA/SHA512 signature, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: NOTTRUSTED
+    Header SHA256 digest: OK
+    Payload SHA256 digest: OK
+],
+[ignore])
+
+# EDDSA disabled
+RPMTEST_CHECK([
+runroot cp -f /tmp/rpm-sequoia.config /etc/crypto-policies/back-ends/
+runroot sed -i '/^cv25519/s/always/never/g' /etc/crypto-policies/back-ends/rpm-sequoia.config

I nudged Neal to have a look into this and filled sequoia issue for this: https://gitlab.com/sequoia-pgp/sequoia/-/issues/1225
We believe this is a copy&paste error and should be fixed in next release.

Until now, I would suggest the testsuite would toggle both names to make sure it works with both, bad and good versions and when we will have all the versions updated, we can remove the "bad" value.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/4020#discussion_r2504627003
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/pull/4020/review/3435251513 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20251107/b2d59b21/attachment.htm>