From 4572ee7ff49d5ced4c53c5d789571adbdbd119bb Mon Sep 17 00:00:00 2001
From: Panu Matilainen
Date: Wed, 10 May 2023 10:34:22 +0300
Subject: [PATCH 2/3] Remove redundant and obsolete cruft in dnf_keyring_check_untrusted_file()

These APIs have been obsolete for years and now removed in rpm 4.19. This was always a rather strange way to go at verifying a package, but now also wholly redundant because the signature are already verified by rpmcliVerifySignatures().
---
 libdnf/dnf-keyring.cpp | 53 ------------------------------------------
 1 file changed, 53 deletions(-)

diff --git a/libdnf/dnf-keyring.cpp b/libdnf/dnf-keyring.cpp
index a8fdb993..5f6c7d7f 100644
--- a/libdnf/libdnf/dnf-keyring.cpp
+++ b/libdnf/libdnf/dnf-keyring.cpp
@@ -238,9 +238,7 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
 FD_t fd = NULL;
 gboolean ret = FALSE;
 Header hdr = NULL;
- pgpDig dig = NULL;
 rpmRC rc;
- rpmtd td = NULL;
 rpmts ts = NULL;
 char *path = g_strdup(filename);
 
@@ -302,51 +300,6 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
 goto out;
 }
 
- /* convert and upscale */
- headerConvert(hdr, HEADERCONV_RETROFIT_V3);
-
- /* get RSA key */
- td = rpmtdNew();
- rc = static_cast(headerGet(hdr, RPMTAG_RSAHEADER, td, HEADERGET_MINMEM));
- if (rc != RPMRC_NOTFOUND) {
- /* try to read DSA key as a fallback */
- rc = static_cast(headerGet(hdr, RPMTAG_DSAHEADER, td, HEADERGET_MINMEM));
- }
-
- /* the package has no signing key */
- if (rc != RPMRC_NOTFOUND) {
- g_autofree char *package_filename = g_path_get_basename(filename);
- ret = FALSE;
- g_set_error(error,
- DNF_ERROR,
- DNF_ERROR_GPG_SIGNATURE_INVALID,
- "package not signed: %s", package_filename);
- goto out;
- }
-
- /* make it into a digest */
- dig = pgpNewDig();
- rc = static_cast(pgpPrtPkts(static_cast(td->data), td->count, dig, 0));
- if (rc != RPMRC_OK) {
- g_set_error(error,
- DNF_ERROR,
- DNF_ERROR_FILE_INVALID,
- "failed to parse digest header for %s",
- filename);
- goto out;
- }
-
- /* does the key exist in the keyring */
- rc = rpmKeyringLookup(keyring, dig);
- if (rc != RPMRC_OK) {
- g_set_error(error,
- DNF_ERROR,
- DNF_ERROR_GPG_SIGNATURE_INVALID,
- "failed to lookup digest in keyring for %s",
- filename);
- goto out;
- }
-
 /* the package is signed by a key we trust */
 g_debug("%s has been verified as trusted", filename);
 ret = TRUE;
@@ -355,12 +308,6 @@ out:
 if (path != NULL)
 g_free(path);
- if (dig != NULL)
- pgpFreeDig(dig);
- if (td != NULL) {
- rpmtdFreeData(td);
- rpmtdFree(td);
- }
 if (ts != NULL)
 rpmtsFree(ts);
 if (hdr != NULL)
-- 
2.41.0.rc1