rpm -Va BAD, key ID

Tue Jan 13 17:30:18 CET 2015

rpm -Va emits such messages:

   error: rpmdb (h#123): Header V4 DSA signature: BAD, key ID e4f1bc2d

that's from repeated scratch installs, the key ID stays always the same 
(e4f1bc2d)

i've traced that something between rpm-5.4.14-5.x86_64 and 
rpm-5.4.15-6.x86_64 and have caused it

18:19:15 vagrant[load: 0.44]@pld64 ~$ cat /etc/vagrant_box_build_time
Fri Oct 10 00:22:52 CEST 2014

18:19:16 vagrant[load: 0.40]@pld64 ~$ rpm -q rpm
rpm-5.4.14-5.x86_64

18:19:20 vagrant[load: 0.40]@pld64 ~$ rpm -Va > /dev/null
18:19:54 vagrant[load: 0.45]@pld64 ~$ sudo poldek --up -u rpm
[cut]
18:20:43 vagrant[load: 0.31]@pld64 ~$ rpm -q rpm
rpm-5.4.15-6.x86_64
18:21:36 vagrant[load: 0.14]@pld64 ~$ rpm -Va > /dev/null
error: rpmdb (h#2): Header V4 DSA signature: BAD, key ID e4f1bc2d
error: rpmdb (h#3): Header V4 DSA signature: BAD, key ID e4f1bc2d
...
error: rpmdb (h#147): Header V4 DSA signature: BAD, key ID e4f1bc2d
error: rpmdb (h#148): Header V4 DSA signature: BAD, key ID e4f1bc2d

18:21:53 vagrant[load: 0.17]@pld64 ~$

downgrading back to 5.4.14 (from repackage spool) gives opinion that the 
db itself is not corrupted:

18:24:09 root[load: 0.14]@pld64 ~# rpm --version
rpm (RPM) 5.4.14
18:23:56 root[load: 0.08]@pld64 ~# rpm -Va >/dev/null
18:24:09 root[load: 0.14]@pld64 ~#

the same says db_verify:
18:25:53 root[load: 0.07]@pld64 lib/rpm# db5.2_verify A* Ba* C* 
Dirnames   F* G* I* N* O* P* R* S* T* V*
BDB5105 Verification of Arch succeeded.
BDB5105 Verification of Basenames succeeded.
BDB5105 Verification of Conflictname succeeded.
BDB5105 Verification of Dirnames succeeded.
BDB5105 Verification of Filedigests succeeded.
BDB5105 Verification of Filepaths succeeded.
BDB5105 Verification of Group succeeded.
BDB5105 Verification of Installtid succeeded.
BDB5105 Verification of Name succeeded.
BDB5105 Verification of Nvra succeeded.
BDB5105 Verification of Obsoletename succeeded.
BDB5105 Verification of Os succeeded.
BDB5105 Verification of Packagecolor succeeded.
BDB5105 Verification of Packages succeeded.
BDB5105 Verification of Providename succeeded.
BDB5105 Verification of Pubkeys succeeded.
BDB5105 Verification of Release succeeded.
BDB5105 Verification of Requirename succeeded.
BDB5105 Verification of Seqno succeeded.
BDB5105 Verification of Sha1header succeeded.
BDB5105 Verification of Sigmd5 succeeded.
BDB5105 Verification of Sourcepkgid succeeded.
BDB5105 Verification of Triggername succeeded.
BDB5105 Verification of Version succeeded.

also rpmdbchk  tool by proyvind says 0% damaged with 5.4.14 and  ~1% 
damaged with 5.4.14:

18:26:55 root[load: 0.20]@pld64 rpm/bin# /rpmdbchk --checkonly
checking /var/lib/rpm/Packages: 135/135 100%
0/135 (0.000000%) headers damaged

18:26:36 root[load: 0.10]@pld64 rpm/bin# /rpmdbchk --checkonly
checking /var/lib/rpm/Packages: 2/136 1%
1 (2): Header V4 DSA signature: BAD, key ID e4f1bc2d
checking /var/lib/rpm/Packages: 3/136 2%
...
checking /var/lib/rpm/Packages: 134/136 99%
checking /var/lib/rpm/Packages: 136/136 100%
128/136 (0.941176%) headers damaged

18:26:47 root[load: 0.22]@pld64 rpm/bin#

ps: the vagrant base boxes i've conducted the above tests are available from
ftp://ftp.pld-linux.org/people/glen/vm/th/

pld64-20141009.box - rpm-5.4.14-5.x86_64
pld64-20141205.box - rpm-5.4.15-6.x86_64

-- 
glen