rpm -Va BAD, key ID

Elan Ruusamäe glen at pld-linux.org
Fri Feb 13 09:17:18 CET 2015

On 12.02.2015 19:55, Jeffrey Johnson wrote:
> OK. So you have a workaround (by disabling header signature verification) for -Va for the moment.
> and also have an alternative means to verify header signatures using a shell loop.
i'm surprised that rpm -Va and rpm -V $pkgname use different codepath. 
so you're saying that (with my current package patch) header 
verification is disabled for both? (as no header verification errors are 

> You should also convince yourself that header signatures are verified when installing a package:
> 	rpm -Uvv somepackage*.rpm
but rpm -Uhv $pkg.rpm does not emit header errors. or the extra -v is 
needed to see them? and does my patch that i applied disables it or you 
are talking about current state of pld package (where the patch is applied)?


More information about the pld-devel-en mailing list