From c65858b71214f88c85b56dd4618437055d1194e4 Mon Sep 17 00:00:00 2001
From: Daniel Alley
Date: Sat, 29 Jul 2023 02:07:11 -0400
Subject: [PATCH 1/3] Upgrade RSA dep
---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index 70d97cb3..1984d9e5 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -56,7 +56,7 @@ xz2 = "0.1"
 capctl = "0.2.3"
 
 [dev-dependencies]
-rsa = { version = "0.8" }
+rsa = { version = "0.9.2" }
 rsa-der = { version = "^0.3.0" }
 # Pin time due to msrv
 time = "=0.3.23"
From 2f807a768252287050d84f39917f570066f02da9 Mon Sep 17 00:00:00 2001
From: Daniel Alley
Date: Thu, 31 Aug 2023 09:07:18 -0400
Subject: [PATCH 2/3] Release 0.12.1
---
 CHANGELOG.md | 11 +++++++++--
 Cargo.toml | 4 ++--
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 802d4fd1..53df5786 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,12 +6,19 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] + ### Added -- Support for setting file capabilities via the RPMTAGS_FILECAPS header. -- `PackageMetadata::get_file_entries` method can get capability headers for each file. + - Support for symbolic link in file mode. - Make file type const `REGULAR_FILE_TYPE` `DIR_FILE_TYPE` `SYMBOLIC_LINK_FILE_TYPE` public, because `FileMode::file_type` is public, sometimes we need this const to determin file type. +## 0.12.1 + +### Added + +- Support for setting file capabilities via the RPMTAGS_FILECAPS header. +- `PackageMetadata::get_file_entries` method can get capability headers for each file. + ## 0.12.0 ### Breaking Changes
diff --git a/Cargo.toml b/Cargo.toml
index 1984d9e5..af001c2b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rpm"
-version = "0.12.0"
+version = "0.12.1"
 authors = [
 "René Richter ",
 "Bernhard Schuster ",
@@ -57,7 +57,7 @@ capctl = "0.2.3"
 
 [dev-dependencies]
 rsa = { version = "0.9.2" }
-rsa-der = { version = "^0.3.0" }
+rsa-der = { version = "0.3.0" }
 # Pin time due to msrv
 time = "=0.3.23"
 env_logger = "0.10.0"
From bb5c1ea3b598ebd3e03969508057ab9e1d7ab359 Mon Sep 17 00:00:00 2001
From: Daniel Alley
Date: Fri, 1 Sep 2023 17:28:52 -0400
Subject: [PATCH 3/3] Refactor some code that clippy dislikes Improved logging in the process
---
 src/rpm/signature/pgp.rs | 67 ++++++++++++++++++++--------------------
 1 file changed, 34 insertions(+), 33 deletions(-)
diff --git a/src/rpm/signature/pgp.rs b/src/rpm/signature/pgp.rs
index 7600427a..1d9c98d5 100644
--- a/src/rpm/signature/pgp.rs
+++ b/src/rpm/signature/pgp.rs
@@ -162,41 +162,42 @@ impl traits::Verifying for Verifier {
 );
 }
 
- self.public_key
- .public_subkeys
- .iter()
- .filter(|sub_key| {
- if sub_key.key_id().as_ref() == key_id.as_ref() {
- log::trace!(
- "Found a matching key id {:?} == {:?}",
- sub_key.key_id(),
- key_id
- );
- true
- } else {
- log::trace!("Not the one we want: {:?}", sub_key);
- false
- }
- })
- .fold(
- Err(Error::KeyNotFoundError {
- key_ref: format!("{:?}", key_id),
- }),
- |previous_res, sub_key| {
- if previous_res.is_err() {
- log::trace!("Test next candidate subkey");
- signature.verify(sub_key, &mut data).map_err(|e| {
- Error::VerificationError {
- source: Box::new(e),
- key_ref: format!("{:?}", sub_key.key_id()),
- }
+ let mut result = Err(Error::KeyNotFoundError {
+ key_ref: format!("{:?}", key_id),
+ });
+ for sub_key in &self.public_key.public_subkeys {
+ log::trace!("Trying subkey candidate {:?}", sub_key.key_id());
+
+ if sub_key.key_id().as_ref() == key_id.as_ref() {
+ log::trace!(
+ "Subkey key id {:?} matches signature key id",
+ sub_key.key_id()
+ );
+
+ match signature.verify(sub_key, &mut data) {
+ Ok(_) => {
+ log::trace!(
+ "Signature successfully verified with subkey {:?}",
+ sub_key.key_id()
+ );
+ return Ok(());
+ }
+ Err(e) => {
+ log::trace!("Subkey verification failed");
+ result = Err(Error::VerificationError {
+ source: Box::new(e),
+ key_ref: format!("{:?}", sub_key.key_id()),
 })
- } else {
- log::trace!("Signature already verified, nop");
- Ok(())
 }
- },
- )
+ }
+ } else {
+ log::trace!(
+ "Subkey key id {:?} does not match signature",
+ sub_key.key_id()
+ );
+ }
+ }
+ result
 } else {
 log::trace!(
 "Signature has no issuer ref, attempting primary key: {:?}",
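Review bot: In the `Err(e)` arm the loop records the failure and moves on, but `signature.verify(sub_key, &mut data)` has already been handed `data` by mutable reference; if `data` is a one-shot reader (its declaration is outside this hunk), a later subkey with the same key id is checked against whatever input is left, so the retry cannot succeed and its error overwrites the first, more meaningful one. This fails closed, but returning at the first failed match is simpler and keeps the real cause: `return Err(Error::VerificationError { source: Box::new(e), key_ref: format!("{:?}", sub_key.key_id()) });`. The failure trace also drops the cause; `log::trace!("Subkey {:?} verification failed: {}", sub_key.key_id(), e);` would keep it next to the key id. Separately, nothing visible here checks that a matching subkey is signing-capable, unexpired and validly bound to the primary key before its verdict is trusted; if that is not enforced where the key is loaded, it belongs ahead of the `verify` call. The enclosing function starts before and continues past this hunk.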