Print more informative errors for cert import

Resolves: RHEL-75579

rust-rpm-sequoia-1.10.1.1-sha1.patch

@@ -0,0 +1,74 @@
+From 4a6e83c723b33e907a0943a3c7b1e262b6bec5ea Mon Sep 17 00:00:00 2001
+From: "Neal H. Walfield" <neal@pep.foundation>
+Date: Thu, 12 Mar 2026 09:55:20 +0100
+Subject: [PATCH] Improve lints.
+
+  - When including an error in a lint, don't just include the
+    top-level error, but also the causes.
+
+  - Fixes #110.
+---
+ src/lib.rs | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/src/lib.rs b/src/lib.rs
+index 71b98aa..e2264cf 100644
+--- a/src/lib.rs
++++ b/src/lib.rs
+@@ -189,6 +189,10 @@ fn error_chain(err: &anyhow::Error) -> Vec<String> {
+     errs
+ }
+ 
++fn error_chain_display(err: &anyhow::Error) -> String {
++    error_chain(err).join(", because ")
++}
++
+ // Generate macros for working with lints.
+ //
+ // Note: $dollar is a hack, which we use because nested macros with
+@@ -1727,7 +1731,8 @@ fn _pgpPubKeyLint(pkts: *const c_char,
+     let usable = 'done : loop {
+         match cert.with_policy(&*P.read().unwrap(), None) {
+             Err(err) => {
+-                lint(&format!("Policy rejects {}: {}", cert.keyid(), err));
++                lint(&format!("Policy rejects {}: {}",
++                              cert.keyid(), error_chain_display(&err)));
+                 break 'done false;
+             }
+             Ok(vc) => {
+@@ -1757,10 +1762,10 @@ fn _pgpPubKeyLint(pkts: *const c_char,
+                     if let Some(e) = vc.primary_key().key_expiration_time() {
+                         if e <= SystemTime::now() {
+                             lint(&format!("The certificate is expired: {}",
+-                                          err));
++                                          error_chain_display(&err)));
+                         } else {
+                             lint(&format!("The certificate is not live: {}",
+-                                          err));
++                                          error_chain_display(&err)));
+                         }
+                     }
+                 }
+@@ -1774,7 +1779,7 @@ fn _pgpPubKeyLint(pkts: *const c_char,
+             match ka.with_policy(&*P.read().unwrap(), None) {
+                 Err(err) => {
+                     lint(&format!("Policy rejects subkey {}: {}",
+-                                  keyid, err));
++                                  keyid, error_chain_display(&err)));
+                     continue;
+                 }
+                 Ok(ka) => {
+@@ -1814,10 +1819,10 @@ fn _pgpPubKeyLint(pkts: *const c_char,
+                         if let Some(e) = ka.key_expiration_time() {
+                             if e <= SystemTime::now() {
+                                 lint(&format!("Subkey {} is expired: {}",
+-                                              keyid, err));
++                                              keyid, error_chain_display(&err)));
+                             } else {
+                                 lint(&format!("Subkey {} is not live: {}",
+-                                              keyid, err));
++                                              keyid, error_chain_display(&err)));
+                             }
+                         }
+                         continue;
+

rust-rpm-sequoia.spec

@@ -24,6 +24,7 @@ Source:         %{crate}-%{version}.tar.gz
 #   tar -czf ../rpm-sequoia-vendor-1.10.1.1.tar.gz vendor
 Source1:        %{crate}-vendor-%{version}.tar.gz
 Source2:        vendor.toml
+Patch:          rust-rpm-sequoia-1.10.1.1-sha1.patch
 
 %if 0%{?rhel}
 BuildRequires:  rust-toolset
@@ -75,7 +76,7 @@ Requires:       %{crate}%{?_isa} = %{version}-%{release}
 %{_libdir}/pkgconfig/rpm-sequoia.pc
 
 %prep
-%autosetup -n %{crate}-%{version} -N -a1
+%autosetup -n %{crate}-%{version} -a1 -p1
 %cargo_prep -N
 # include full configuration for vendored dependencies
 cat %{SOURCE2} >> .cargo/config.toml