Revision as of 13:56, 26 November 2024

Managing expired PGP keys in DNF5

This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.

Summary

Implementing new logic in DNF5 to remove expired and obsolete PGP keys from the system.

Owner

Name: Jan Kolarik
Email: jkolarik@redhat.com

Current status

Targeted release: Fedora Linux 42
Last updated: 2024-11-26
[Announced]
[<will be assigned by the Wrangler> Discussion thread]
FESCo issue: <will be assigned by the Wrangler>
Tracker bug: <will be assigned by the Wrangler>
Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

We aim to address customer issues when installing RPM packages from repositories while outdated repository keys are present on the system. These issues include expired keys, obsolete signing algorithms (e.g., SHA1), or other problems that could be easily detected by tools like an RPM PGP linter. Currently, GPG checks fail, and users must manually remove expired keys using commands like rpm -e gpg-pubkey-....

The proposed solution is a new LIBDNF5 plugin. This plugin will act as a hook, checking for invalid repository PGP keys on the system before executing a DNF transaction.

Interactive mode: The plugin will prompt the user to confirm the removal of each invalid key.
Non-interactive mode (e.g., with -y or --assumeno): The plugin will proceed automatically based on the specified user action, either removing the keys or retaining them.

By default, this behavior will be enabled in DNF5, with the option to disable it through configuration.

This enhancement stems from a request in upstream issue and builds upon the existing solution in DNF4. Unlike DNF4's implementation, which is not enabled by default, this change will be integral to the default DNF5 functionality, aligning with its role as the primary package manager in Fedora.

Feedback

The proposed solution has been discussed with affected users, including the Mock and Copr teams, as part of the discussions around the existing solution in DNF4.

Additionally, a report from the Kubernetes release team highlights a similar issue, which should also be addressed under the defined behavior.

Benefit to Fedora

This change enables the automatic management of repository keys during software installation or upgrades.

Scope

Proposal owners:

Other developers:

Release engineering: #Releng issue number

Policies and guidelines: N/A (not needed for this Change)

Trademark approval: N/A (not needed for this Change)

Alignment with the Fedora Strategy:

Upgrade/compatibility impact

Early Testing (Optional)

Do you require 'QA Blueprint' support? Y/N

How To Test

User Experience

Dependencies

Contingency Plan

Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
Contingency deadline: N/A (not a System Wide Change)
Blocks release? N/A (not a System Wide Change), Yes/No

Documentation

N/A (not a System Wide Change)

Release Notes

@@ Line 52: / Line 52: @@
 == Benefit to Fedora ==
-<!-- What is the benefit to the distribution?  Will the software we generate be improved? How will the process of creating Fedora releases be improved?
+This change enables the automatic management of repository keys during software installation or upgrades.
-      Be sure to include the following areas if relevant:
-      If this is a major capability update, what has changed?
-           For example: This change introduces Python 5 that runs without the Global Interpreter Lock and is fully multithreaded.
-      If this is a new functionality, what capabilities does it bring?
-           For example: This change allows package upgrades to be performed automatically and rolled-back at will.
-      Does this improve some specific package or set of packages?
-           For example: This change modifies a package to use a different language stack that reduces install size by removing dependencies.
-      Does this improve specific Spins or Editions?
-           For example: This change modifies the default install of Fedora Workstation to be more in line with the base install of Fedora Server.
-      Does this make the distribution more efficient?
-           For example: This change replaces thousands of individual %post scriptlets in packages with one script that runs at the end.
-      Is this an improvement to maintainer processes?
-           For example: Gating Fedora packages on automatic QA tests will make rawhide more stable and allow changes to be implemented more smoothly.
-      Is this an improvement targeted as specific contributors?
-           For example: Ensuring that a minimal set of tools required for contribution to Fedora are installed by default eases the onboarding of new contributors.
-     When a Change has multiple benefits, it's better to list them all.
-     Consider these Change pages from previous editions as inspiration:
-     https://fedoraproject.org/wiki/Changes/Annobin (low-level and technical, invisible to users)
-     https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo (low-level, but visible to advanced users)
-     https://fedoraproject.org/wiki/Changes/VirtualBox_Guest_Integration (primarily a UX change)
-     https://fedoraproject.org/wiki/Changes/NoMoreAlpha (an improvement to distro processes)
-     https://fedoraproject.org/wiki/Changes/perl5.26 (major upgrade to a popular software stack, visible to users of that stack)
--->
 == Scope ==

Search

Changes/Dnf5ExpiredPGPKeys: Difference between revisions