Bug 578322 - Provide a more flexible mechanism for managing and locating
PGP public keys
Provide org.eclipse.equinox.p2.repository.spi.PGPPublicKeyService and
its default registered implementation DefaultPGPPublicKeyService that
supports network access to zero or more key servers with offline
caching, caching of all locally added keys, and access to keys in the
GPG pubring.
Extend ValidationDialogServiceUI to make it aware of the agent such that
it can access the PGPPublicKeyService to provide web-of-trust details to
the user.
Ensure that PGPPublicKeyStore properly handles multiple keys per key ID.
Provide access to the target artifact descriptor via
SimpleArtifactRepository.ArtifactOutputStream.getAdapter so that the
special case handling of PGP properties in
MirrorRequest.getDestinationDescriptor can be moved to
PGPSignatureVerifier.close() to ensure that signatures and the keys used
to verify them follow the artifact during a mirror request.
Simplify CertificateChecker such that it expects the keys used for
signature verification to be present in the artifact properties.
Ensure that PGPSignatureVerifier can deal with multiple keys with the
same key ID. Also verify key expiration (log a warning) and key
revocation (abort the download), guarded by system properties
p2.pgp.verifyExpiration and p2.pgp.verifyRevocation to disable the
checks.
Fix TrustPreferencePage to store keys in a file based on the fingerprint
rather than the key ID and to present to the user the fingerprint rather
than the key ID.
Add a .options file to provide access to the debug/tracing options.
Change-Id: I8c50ce886b9af175db129c7508774d00972a0432
Signed-off-by: Ed Merks <ed.merks@gmail.com>
Reviewed-on: https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/189910
Tested-by: Equinox Bot <equinox-bot@eclipse.org>
Reviewed-by: Mickael Istria <mistria@redhat.com>
27 files changed
