Bug 572816 - p2 strategy to trust PGP signatures
This makes users declare whether PGP keys are trusted or not at
installation, and to skip installation if one artifact has no
signature/signer being trusted.
* Propagate the pgp.signatures on local artifact description, so it's
usable for CheckTrust
* Add support in the Trust model for PGP keys
* Add (limited) support for PGP approval in TrustCertificationDialog
* Skip installation is PGP Keys are not trusted (similarly to
certificates).
Current limitations:
* Dialog doesn't show whether a subset of PGP Keys is sufficient to
complete installation (eg 1 artifact may have mulitple signature, only 1
is necessary to be approved for installation to complete, dialog doesn't
show that and gives impression all keys need to be approved)
* The dialog doesn't give any form of hint about how to decide whether
to trust a key or net (eg check PGP key registries and so on); but it's
also the case for certificates apparently...
Change-Id: I65f698c7412027fedefc28ddfaa344caa6bfecdc
# Conflicts:
# bundles/org.eclipse.equinox.p2.ui/src/org/eclipse/equinox/internal/p2/ui/dialogs/TrustCertificateDialog.java
Reviewed-on: https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/179275
Tested-by: Equinox Bot <equinox-bot@eclipse.org>
Reviewed-by: Mickael Istria <mistria@redhat.com>
28 files changed
