rpm -Va BAD, key ID

Elan Ruusamäe glen at pld-linux.org
Wed Feb 11 18:48:30 CET 2015


On 11.02.2015 15:23, Jeffrey Johnson wrote:
> Disable the header signature checking with rpm -Va by removing the lines below in lib/verify.c
>
>
>
> 73 de Jeff
>
> ===========================================
>      /* Verify header digest/signature. */
>      if (qva->qva_flags & (VERIFY_DIGEST | VERIFY_SIGNATURE))
>      {
>          const char * horigin = headerGetOrigin(h);
>          const char * msg = NULL;
>          size_t uhlen = 0;
>          void * uh = headerUnload(h, &uhlen);
>          int lvl = headerCheck(rpmtsDig(ts), uh, uhlen, &msg) == RPMRC_FAIL
>                  ? RPMLOG_ERR : RPMLOG_DEBUG;
>          rpmlog(lvl, "%s: %s\n",
>                  (horigin ? horigin : "verify"), (msg ? msg : ""));
>          rpmtsCleanDig(ts);
>          uh = _free(uh);
>          msg = _free(msg);
>      }

applied this patch:
http://git.pld-linux.org/?p=packages/rpm.git;a=commitdiff;h=8b6cca9fe5a04dd48c84e7fd65fbfd177acaa1b3

now "rpm -Va >/dev/null" is silent:

# rpm -q rpm
rpm-5.4.15-10.1.x86_64
# rpm -Va >/dev/null
#

I found something weird: if I do rpm -V pkgname, the header verification
error is not printed, but rpm -Va shows the error for every package
(besides gpg-pubkey) in the system.

# for a in `rpm -qa`; do rpm -V $a; done >/dev/null
#

and:

# rpm -Va >/dev/null 2>out
# head -n 3 out
error: rpmdb (h#3): Header V4 DSA signature: BAD, key ID e4f1bc2d
error: rpmdb (h#4): Header V4 DSA signature: BAD, key ID e4f1bc2d
error: rpmdb (h#5): Header V4 DSA signature: BAD, key ID e4f1bc2d
# tail -n 3 out
error: rpmdb (h#255): Header V4 DSA signature: BAD, key ID e4f1bc2d
error: rpmdb (h#256): Header V4 DSA signature: BAD, key ID e4f1bc2d
error: rpmdb (h#257): Header V4 DSA signature: BAD, key ID e4f1bc2d
# rpm -qa|wc -l
186
# wc -l out
177 out

-- 
glen
