Task #2222
closedfix master branch
0%
Description
It looks like commit 409687edaa792427c7876c815d517b66f05fe25d is present on both 2.10-dev and master branches. However, the code associated with that commit is only present on the 2.10-dev branch.
We should figure out what all is missing from master branch in pulp_rpm and make a commit to bring those changes back.
Updated by semyers about 7 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to semyers
tteresch found another one:
https://github.com/pulp/pulp_rpm/commit/409687edaa792427c7876c815d517b66f05fe25d#diff-5185b3f1e5a02c40a5d198fe779c75fb
I'm going to try to see what they have in common, see if there's a way to detect them reliably to find any other issues like this, and finally fix them.
Updated by semyers about 7 years ago
semyers wrote:
tteresch found another one:
https://github.com/pulp/pulp_rpm/commit/409687edaa792427c7876c815d517b66f05fe25d#diff-5185b3f1e5a02c40a5d198fe779c75fbI'm going to try to see what they have in common, see if there's a way to detect them reliably to find any other issues like this, and finally fix them.
Weeeee that's the same commit and I can't read.
I'm still going to try to figure out what went wrong here, and if there are other problems like it. :)
Added by semyers about 7 years ago
Updated by semyers about 7 years ago
- Status changed from ASSIGNED to CLOSED - CURRENTRELEASE
- Platform Release set to master
I was worried that this was related to some recent merge issues that happened when we created the 3.0-dev branch, but (thankfully? ...) it was just a bad merge forward on my part. I cherry-picked the changes back up to master from the 2.10-dev commit (linked to this issue) and this should be fine now.
I must not merge forward badly...
I must not merge forward badly...
I must not merge forward badly...
Reclassify signature verification as signature and key ID filtering
This is a cherry-pick of 409687edaa792427c7876c815d517b66f05fe25d, which I didn't merge forward properly to master. :(
The features introduced in #1991 (https://pulp.plan.io/issues/1991) only act as filters based on whether or not a package is signed, and the short key ID of the key used to generate that signature. This changes any reference to "verification" introduced with those changes to "GPG Key ID filtering", and in general attempted to clarify that this is not a security feature, while still leaving it possible to (hopefully) do GPG package signature verification in a future version.
fixes #2188 https://pulp.plan.io/issues/2188