On Feb 11, 2015, at 5:10 AM, Elan Ruusamäe wrote:
> On 11.02.2015 00:40, Jeffrey Johnson wrote:
>> I can’t fix what I cannot reproduce.
> as i see it, you do not want to reproduce it. i gave you links to vm's, did you even download them?
>
You gave me a link to the pubkey
> the pubkey is available publicly from ftp:
> ftp://ftp.pld-linux.org/dists/th/PLD-3.0-Th-GPG-key.asc
and the rpm -Vavv output
> rpm -Vavv of 5.4.14 and 5.4.14 can be obtained from here:
> http://carme.pld-linux.org/~glen/rpm-va.tar.xz (75K)
That is insufficient information to diagnose your problem.
DIsable the header signature checking with rpm -Va by removing the lines below in lib/verify.c
73 de Jeff
===========================================
/* Verify header digest/signature. */
if (qva->qva_flags & (VERIFY_DIGEST | VERIFY_SIGNATURE))
{
const char * horigin = headerGetOrigin(h);
const char * msg = NULL;
size_t uhlen = 0;
void * uh = headerUnload(h, &uhlen);
int lvl = headerCheck(rpmtsDig(ts), uh, uhlen, &msg) == RPMRC_FAIL
? RPMLOG_ERR : RPMLOG_DEBUG;
rpmlog(lvl, "%s: %s\n",
(horigin ? horigin : "verify"), (msg ? msg : ""));
rpmtsCleanDig(ts);
uh = _free(uh);
msg = _free(msg);
}