rpm --nosignature reversed meaning

Tomasz Pala gotar at polanet.pl
Sat Sep 10 20:32:43 CEST 2016

On Sat, Sep 10, 2016 at 09:46:17 -0400, Jeffrey Johnson wrote:

>>> is not enough/complete. And I've just found this (some 'triple negation' issues), as recently noted in
>>> http://rpm5.org/community/rpm-devel/5655.html
>>> Jeff, this seems to BE the case - verification is reverted only for
>>> --query mode, --verify mode works as expected.
> What was the fix?
> AFAIK, the problem was concatenating both an armored RSA and a DSA pubkey in the same file.
> Separate files (or separate "rpm ???import 0x?????? by keyid using hkp://) are ???fixes???.

The patch from the rpm-devel maillist above fixed --nosignature working
the opposite way as expected, i.e. veryfying signature with
--nosignature option given and NOT veryfying it by default in --query
mode. And it does not break proper behaviour in --verify mode.

Tomasz Pala <gotar at pld-linux.org>

More information about the pld-devel-en mailing list