rpm --nosignature reversed meaning
gotar at polanet.pl
Sat Sep 10 20:32:43 CEST 2016
On Sat, Sep 10, 2016 at 09:46:17 -0400, Jeffrey Johnson wrote:
>>> is not enough/complete. And I've just found this (some 'triple negation' issues), as recently noted in
>>> Jeff, this seems to BE the case - verification is reverted only for
>>> --query mode, --verify mode works as expected.
> What was the fix?
> AFAIK, the problem was concatenating both an armored RSA and a DSA pubkey in the same file.
> Separate files (or separate "rpm ???import 0x?????? by keyid using hkp://) are ???fixes???.
The patch from the rpm-devel maillist above fixed --nosignature working
the opposite way as expected, i.e. veryfying signature with
--nosignature option given and NOT veryfying it by default in --query
mode. And it does not break proper behaviour in --verify mode.
Tomasz Pala <gotar at pld-linux.org>
More information about the pld-devel-en