rpm -Va BAD, key ID
Jeffrey Johnson
n3npq at me.com
Wed Feb 11 18:58:12 CET 2015
On Feb 11, 2015, at 12:48 PM, Elan Ruusamäe wrote:
> On 11.02.2015 15:23, Jeffrey Johnson wrote:
>> Disable the header signature checking with rpm -Va by removing the lines below in lib/verify.c
>>
>>
>>
>> 73 de Jeff
>>
>> ===========================================
>> /* Verify header digest/signature. */
>> if (qva->qva_flags & (VERIFY_DIGEST | VERIFY_SIGNATURE))
>> {
>>     const char * horigin = headerGetOrigin(h);
>>     const char * msg = NULL;
>>     size_t uhlen = 0;
>>     void * uh = headerUnload(h, &uhlen);
>>     int lvl = headerCheck(rpmtsDig(ts), uh, uhlen, &msg) == RPMRC_FAIL
>>         ? RPMLOG_ERR : RPMLOG_DEBUG;
>>     rpmlog(lvl, "%s: %s\n",
>>         (horigin ? horigin : "verify"), (msg ? msg : ""));
>>     rpmtsCleanDig(ts);
>>     uh = _free(uh);
>>     msg = _free(msg);
>> }
>
> applied this patch:
> http://git.pld-linux.org/?p=packages/rpm.git;a=commitdiff;h=8b6cca9fe5a04dd48c84e7fd65fbfd177acaa1b3
>
> now "rpm -Va >/dev/null" is silent:
>
Good: that's progress and identifies the code path where the problem lies.
> # rpm -q rpm
> rpm-5.4.15-10.1.x86_64
> # rpm -Va >/dev/null
> #
>
> I found something weird: if I do rpm -V pkgname, the header verification error is not printed, but rpm -Va shows the error for every package (besides gpg-pubkey) in the system.
>
Shows WHAT error? I'm missing something here: either rpm -Va is silent (as above) or it's not (as you say here)?
Which is it?
Are you compiling rpm with OPENMP? The --verify code paths are multi-threaded.
> # for a in `rpm -qa`; do rpm -V $a; done >/dev/null
> #
>
> and:
>
> # rpm -Va >/dev/null 2>out
> # head -n 3 out
> error: rpmdb (h#3): Header V4 DSA signature: BAD, key ID e4f1bc2d
> error: rpmdb (h#4): Header V4 DSA signature: BAD, key ID e4f1bc2d
> error: rpmdb (h#5): Header V4 DSA signature: BAD, key ID e4f1bc2d
> # tail -n 3 out
> error: rpmdb (h#255): Header V4 DSA signature: BAD, key ID e4f1bc2d
> error: rpmdb (h#256): Header V4 DSA signature: BAD, key ID e4f1bc2d
> error: rpmdb (h#257): Header V4 DSA signature: BAD, key ID e4f1bc2d
> # rpm -qa|wc -l
> 186
> # wc -l out
> 177 out
>
There's no need to count duplicated errors.
73 de Jeff
> --
> glen
>
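An added illustration, not part of the original thread or of rpm's own code: a shell helper that collapses `rpm -Va` stderr of the shape quoted above into one line per signature type, verdict and key ID, counting a repeated header instance only once. The function names and the sample log are constructed for this example; the log lines follow the excerpt in the message.

```shell
#!/bin/sh
# Added example: summarise "rpm -Va" stderr per (signature type, verdict, key ID).
# Expected line shape, as in the thread:
#   error: rpmdb (h#3): Header V4 DSA signature: BAD, key ID e4f1bc2d
summarize_sig_errors() {
    awk '
    $1 == "error:" && $2 == "rpmdb" && $3 ~ /^\(h#[0-9]+\):$/ &&
    $4 == "Header" && $7 == "signature:" && $9 == "key" && $10 == "ID" {
        inst = $3; gsub(/[^0-9]/, "", inst); inst += 0   # "(h#3):" -> 3
        verdict = $8; sub(/,$/, "", verdict)             # "BAD,"   -> BAD
        k = $5 " " $6 " " verdict " " $11                # e.g. V4 DSA BAD e4f1bc2d
        lines[k]++
        # Count each header instance once, even if its error is repeated.
        if (!((k, inst) in seen)) { seen[k, inst] = 1; uniq[k]++ }
        if (!(k in lo) || inst < lo[k]) lo[k] = inst
        if (!(k in hi) || inst > hi[k]) hi[k] = inst
        next
    }
    { other++ }   # anything that is not a header-signature error line
    END {
        for (k in lines)
            printf "%s lines=%d headers=%d range=h#%d-h#%d\n",
                   k, lines[k], uniq[k], lo[k], hi[k]
        printf "unparsed=%d\n", other
    }' | LC_ALL=C sort
}

# Constructed sample: lines copied from the excerpt, with h#4 repeated on purpose.
sample_log() {
    cat <<'EOF'
error: rpmdb (h#3): Header V4 DSA signature: BAD, key ID e4f1bc2d
error: rpmdb (h#4): Header V4 DSA signature: BAD, key ID e4f1bc2d
error: rpmdb (h#4): Header V4 DSA signature: BAD, key ID e4f1bc2d
error: rpmdb (h#257): Header V4 DSA signature: BAD, key ID e4f1bc2d
EOF
}

sample_log | summarize_sig_errors
```

On a real system the input would be the file captured with `rpm -Va >/dev/null 2>out`, read as `summarize_sig_errors < out`. A single summary line covering every header points at one key or one code path rather than at individual packages.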