Breaking Changes
The PGP implementation has been changed to github.com/ProtonMail/go-crypto/openpgp. This was necessary due to the stdlib implementation being deprecated for some time, and also generating invalid PGP signatures which the gpg2 version in RHEL 9 has started rejecting entirely.
If you are creating or validating signatures you will need to adjust your imports correspondingly. See the note in the README:
https://github.com/sassoftware/go-rpmutils/blob/master/README.md#upgrading-from-versions-before-v040
You may encounter an error parsing PGP v3 signatures which are found in many places despite being extremely obsolete:
basesystem-11-13.el9.noarch.rpm ERROR: openpgp: unsupported feature: signature packet version 3
In particular, CentOS 9 still contains some RPMs with v3 signatures, although newer builds seem to have been updated. If this is important to you, see the workaround in the README.
Note that rpmutils has never generated v3 signatures.
What's Changed
- feat!: switch to ProtonMail openpgp implementation
- Replace deprecated syscall package with sys.unix by @drscream in #32
- ci: add workflow with unit tests and lint by @mtharp in #33
Full Changelog: v0.3.0...v0.4.0
