Merge pull request #622 from yast/pkg-gpg-check

Handle GPG check during installation

library/packages/src/modules/PackageCallbacks.rb

@@ -66,6 +66,7 @@ def main
       Yast.import "Progress"
       Yast.import "FileUtils"
       Yast.import "SignatureCheckCallbacks"
+      Yast.import "Linuxrc"
 
       @_provide_popup = false
       @_package_popup = false
@@ -402,6 +403,24 @@ def ProgressPackage(percent)
       true
     end
 
+    # Handle GPG check result (pkgGpgCheck)
+    #
+    # If insecure mode is set to '1', the check result is ignored. Otherwise, no decision is made.
+    # When running on an installed system, it always return "".
+    #
+    # @param data [Hash] Output from `pkgGpgCheck` callback.
+    # @option data [Integer] "CheckPackageResult" Check result code according to libzypp.
+    # @option data [String]  "Package" Package's name.
+    # @option data [String]  "Localpath" Path to RPM file.
+    # @option data [String]  "RepoMediaUrl" Media URL.
+    # @return [String] "I" if the package should be accepted; otherwise
+    #   a blank string is returned (so no decision is made).
+    def pkg_gpg_check(data)
+      log.debug("pkgGpgCheck data: #{data}")
+      insecure = Stage.initial && Linuxrc.InstallInf("Insecure") == "1"
+      insecure ? "I" : ""
+    end
+
     #  After package install.
     #
     #  return "I" for ignore
@@ -2664,6 +2683,9 @@ def SetProvideCallbacks
       Pkg.CallbackDonePackage(
         fun_ref(method(:DonePackage), "string (integer, string)")
       )
+      Pkg.CallbackPkgGpgCheck(
+        fun_ref(method(:pkg_gpg_check), "string(map)")
+      )
 
       nil
     end
@@ -2877,6 +2899,7 @@ def RestoreProvideCallbacks
       Pkg.CallbackStartPackage(nil)
       Pkg.CallbackProgressPackage(nil)
       Pkg.CallbackDonePackage(nil)
+      Pkg.CallbackPkgGpgCheck(nil)
 
       nil
     end

library/packages/test/package_callbacks_test.rb

@@ -207,4 +207,50 @@
       expect(cds).to eq []
     end
   end
+
+  describe "#pkp_gpg_check" do
+    let(:data) { { "CheckResult" => 1 } }
+
+    before do
+      allow(Yast::Linuxrc).to receive(:InstallInf).with("Insecure").and_return(insecure)
+      allow(Yast::Stage).to receive(:initial).and_return(initial)
+    end
+
+    context "during installation" do
+      let(:initial) { true }
+
+      context "and when insecure is not set" do
+        let(:insecure) { nil }
+
+        it "returns ''" do
+          expect(subject.pkg_gpg_check(data)).to eq("")
+        end
+      end
+
+      context "and when Insecure is set to '1'" do
+        let(:insecure) { "1" }
+
+        it "returns 'I'" do
+          expect(subject.pkg_gpg_check(data)).to eq("I")
+        end
+      end
+
+      context "and when Insecure is set but different to '1'" do
+        let(:insecure) { "0" }
+
+        it "returns ''" do
+          expect(subject.pkg_gpg_check(data)).to eq("")
+        end
+      end
+    end
+
+    context "on an installed system" do
+      let(:initial) { false }
+      let(:insecure) { "1" }
+
+      it "returns ''" do
+        expect(subject.pkg_gpg_check(data)).to eq("")
+      end
+    end
+  end
 end

package/yast2.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Sep  7 12:15:56 UTC 2017 - igonzalezsosa@suse.com
+
+- Fix handling of PGP signatures when running in insecure mode
+  (bsc#1054663)
+- 4.0.4
+
 -------------------------------------------------------------------
 Mon Sep  4 11:32:04 UTC 2017 - ancor@suse.com
 

package/yast2.spec

@@ -17,7 +17,7 @@
 
 
 Name:           yast2
-Version:        4.0.3
+Version:        4.0.4
 Release:        0
 Summary:        YaST2 - Main Package
 License:        GPL-2.0