From 5230ce28485db6a9a72efbed2466202e924ed4aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ladislav=20Slez=C3=A1k?=
Date: Tue, 7 Feb 2017 17:37:39 +0100
Subject: [PATCH 1/2] Support for unsigned repositories (bsc#1009127)
---
 .../src/modules/SignatureCheckDialogs.rb | 63 +++++++++++++------
 1 file changed, 43 insertions(+), 20 deletions(-)
diff --git a/library/packages/src/modules/SignatureCheckDialogs.rb b/library/packages/src/modules/SignatureCheckDialogs.rb
index bff1bddef..33745599e 100644
--- a/library/packages/src/modules/SignatureCheckDialogs.rb
+++ b/library/packages/src/modules/SignatureCheckDialogs.rb
@@ -239,10 +239,10 @@ def CheckSignaturesInYaST
 @check_signatures
 end
- # Used for unsiged file or package. Opens dialog asking whether user wants
+ # Used for unsiged file, package or repository. Opens dialog asking whether user wants
 # to use this unsigned item.
 #
- # @param [Symbol] item_type `file or `package
+ # @param [Symbol] item_type :file, :package or :repository
 # @param [String] item_name file name or package name
 # @param [String] dont_show_dialog_ident for the identification in magic "don't show" functions
 # @return [Boolean] use or don't use ('true' if 'yes')
@@ -271,6 +271,19 @@ def UseUnsignedItem(item_type, item_name, dont_show_dialog_ident, repository)
 "\n" \
 "Install it anyway?"
 )
+ elsif item_type == :repository
+ # TRANSLATORS: Yes/No popup
+ # (%1 is not used)
+ # %2 is a repository name
+ # %3 is URL of the repository
+ _("Repository \"%2\" (%3)\n" \
+ "is not digitally signed.\n" \
+ "\n" \
+ "This means that the origin and integrity of the repository cannot be verified.\n" \
+ "Installing the packages from this repository may put the integrity \n" \
+ "of your system at risk.\n" \
+ "\n" \
+ "Use the repository anyway?")
 else
 item_name = strip_download_prefix(item_name)
 # popup question, %1 stands for the filename
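Review bot: The doc block edited in the `@@ -239,10` hunk still types `dont_show_dialog_ident` as `[String]`, although the later hunks of this patch treat nil as a supported value that hides the checkbox and skips `HandleDoNotShowDialogAgain`. I would change that line to `# @param [String, nil] dont_show_dialog_ident ident for the "don't show" functions; nil disables "don't show again" for this dialog`. The visible lines also carry no `@param` for the fourth argument `repository`, and the rewritten first line keeps the typo "unsiged". The `def` line and the rest of the comment block are outside the hunk, so check there before adding.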
@@ -291,28 +304,36 @@ def UseUnsignedItem(item_type, item_name, dont_show_dialog_ident, repository)
 Ops.get_locale(repo, "url", _("Unknown"))
 )
+ again_widget = if dont_show_dialog_ident.nil?
+ Empty()
+ else
+ Left(
+ MarginBox(
+ 0,
+ 1.2,
+ CheckBox(
+ Id(:dont_show_again),
+ Message.DoNotShowMessageAgain,
+ GetShowThisPopup(dont_show_dialog_ident, item_name) ? false : true
+ )
+ )
+ )
+ end
+
 UI.OpenDialog(
 Opt(:decorated),
 VBox(
 Heading(
 if item_type == :package
 _("Unsigned Package")
+ elsif item_type == :repository
+ _("Unsigned Repository")
 else
 _("Unsigned File")
 end
 ),
 MarginBox(0.5, 0.5, Label(description_text)),
- Left(
- MarginBox(
- 0,
- 1.2,
- CheckBox(
- Id(:dont_show_again),
- Message.DoNotShowMessageAgain,
- GetShowThisPopup(dont_show_dialog_ident, item_name) ? false : true
- )
- )
- ),
+ again_widget,
 YesNoButtons(:no)
 )
 )
@@ -321,13 +342,15 @@ def UseUnsignedItem(item_type, item_name, dont_show_dialog_ident, repository)
 # default value
 ret = false if ret.nil?
- # Store the don't show value, store the default return value
- HandleDoNotShowDialogAgain(
- ret,
- dont_show_dialog_ident,
- :dont_show_again,
- item_name
- )
+ if !dont_show_dialog_ident.nil?
+ # Store the don't show value, store the default return value
+ HandleDoNotShowDialogAgain(
+ ret,
+ dont_show_dialog_ident,
+ :dont_show_again,
+ item_name
+ )
+ end
 UI.CloseDialog
 ret
From c6ef59047e44e8882753582f6a1ad51a7b76b730 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ladislav=20Slez=C3=A1k?=
Date: Wed, 5 Apr 2017 09:39:39 +0200
Subject: [PATCH 2/2] Update the unsigned repo warning message
---
 library/packages/src/modules/SignatureCheckDialogs.rb | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/library/packages/src/modules/SignatureCheckDialogs.rb b/library/packages/src/modules/SignatureCheckDialogs.rb
index 33745599e..0ecbb5c16 100644
--- a/library/packages/src/modules/SignatureCheckDialogs.rb
+++ b/library/packages/src/modules/SignatureCheckDialogs.rb
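Review bot: In the `@@ -291,28` hunk, whether the "don't show again" checkbox is offered depends only on the caller passing a nil `dont_show_dialog_ident`, never on `item_type`. If the intent is that an unsigned repository can never be remembered and accepted without a prompt later, a caller that passes an ident together with `:repository` still gets the checkbox and the stored answer. Consider enforcing it inside the method with `dont_show_dialog_ident = nil if item_type == :repository` before `again_widget` is built, or at least state the contract in the doc comment. The same nil test guards `HandleDoNotShowDialogAgain` in the `@@ -321,13` hunk, where `unless dont_show_dialog_ident.nil?` would read more naturally than `if !dont_show_dialog_ident.nil?`. The method body starts and ends outside both hunks, so how a stored answer is consumed is not visible here.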
@@ -277,9 +277,15 @@ def UseUnsignedItem(item_type, item_name, dont_show_dialog_ident, repository)
 # %2 is a repository name
 # %3 is URL of the repository
 _("Repository \"%2\" (%3)\n" \
- "is not digitally signed.\n" \
+ "meta-data is not digitally signed.\n" \
+ "\n" \
+ "This means that the origin and integrity of the repository meta-data\n" \
+ "cannot be verified.\n" \
+ "\n" \
+ "By default, the signatures for each package will be verified prior\n" \
+ "to installation. Additional manual steps may be required to add\n" \
+ "the signing key used to the list of keys trusted for this purpose.\n" \
 "\n" \
- "This means that the origin and integrity of the repository cannot be verified.\n" \
 "Installing the packages from this repository may put the integrity \n" \
 "of your system at risk.\n" \
 "\n" \
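Review bot: The added sentence "By default, the signatures for each package will be verified prior to installation" is a static string, so it is shown whatever the current signature-checking setting is. The first patch's context shows `CheckSignaturesInYaST` returning `@check_signatures`, which suggests checking can be switched off; in that case the dialog would reassure the user about a verification that does not take place. I would include that paragraph only when checking is enabled, or at minimum add a maintainer comment above the string such as `# NOTE: the "By default" paragraph assumes package signature checking is enabled`. The string literal and the enclosing branch continue past the end of the hunk.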