Managing expired PGP keys in DNF5
Summary
Implementing new logic in DNF5 to remove expired and obsolete PGP keys from the system.
Owner
- Name: Jan Kolarik
- Email: jkolarik@redhat.com
Current status
- Targeted release: Fedora Linux 42
- Last updated: 2024-11-26
- [Announced]
- [<will be assigned by the Wrangler> Discussion thread]
- FESCo issue: <will be assigned by the Wrangler>
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
We aim to address customer issues when installing RPM packages from repositories while outdated repository keys are present on the system. These issues include expired keys, obsolete signing algorithms (e.g., SHA1), or other problems that could be easily detected by tools like an RPM PGP linter. Currently, GPG checks fail, and users must manually remove expired keys using commands like rpm -e gpg-pubkey-...
.
The proposed solution is a new LIBDNF5 plugin. This plugin will act as a hook, checking for invalid repository PGP keys on the system before executing a DNF transaction.
- Interactive mode: The plugin will prompt the user to confirm the removal of each invalid key.
- Non-interactive mode (e.g., with
-y
or--assumeno
): The plugin will proceed automatically based on the specified user action, either removing the keys or retaining them.
By default, this behavior will be enabled in DNF5, with the option to disable it through configuration.
This enhancement stems from a request in upstream issue and builds upon the existing solution in DNF4. Unlike DNF4's implementation, which is not enabled by default, this change will be integral to the default DNF5 functionality, aligning with its role as the primary package manager in Fedora.
Feedback
Benefit to Fedora
Scope
- Proposal owners:
- Other developers:
- Release engineering: #Releng issue number
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with the Fedora Strategy:
Upgrade/compatibility impact
Early Testing (Optional)
Do you require 'QA Blueprint' support? Y/N
How To Test
User Experience
Dependencies
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
Documentation
N/A (not a System Wide Change)