Bug 155079

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
"rpm --checksig filename-with-no-file" is silent.  It should complain that the file is missing.

There is an indication of failure: rpm --checksig appears to set the exit status to the count of files with problems, including missing files.  That is not documented in rpm(8).  It is not normal for an exit status to be a count; it is dangerous since the status must be a small integer and could overflow easily.

$ rpm --checksig silly ; echo $?
1
$ rpm --checksig silly sally ; echo $?
2
$ rpm --checksig silly sally solly ; echo $?
3
$ rpm --checksig silly sally solly sully ; echo $?
4
$ rpm --checksig silly /dev/null ; echo $?
error: /dev/null: not an rpm package
2


Version-Release number of selected component (if applicable):
rpm-4.3.2-21

How reproducible:
Always

Steps to Reproduce:
1.  rpm --checksig sillyname
2.  echo status $?
.
  

Actual Results:  output:
status 1

Expected Results:  error: open of sillyname failed: No such file or directory
status 1

Additional info:

seems to go back to at least RHL8 (oldest system I have on at the moment).

Conversation from #rpm IRC channel:
<dhr> I am surprised that "rpm --checksig nonexistent_name" prints no diagnostic.  Is this a misfeature?
<dhr> I am using rpm-4.3.2-21 on Fedora Core 3.
<jbj> dhr: yes, misfeature. meanwhile, --checksig is mostly pointless, signatures are always checked everwhere. and --checksig is popt alias which execs /usr/lib/rpm/rpmk, which is where the misfeature creeps in, pretending that same old, same old, "stuff" is useful.
<dhr> I use checksig to verify stuff downloaded to my repository/cache.  I don't (immediately) use those rpms in any other way.  So checksig appears to be the only sensible choice.
<jbj> dhr: rpm -qp mostly same as --checksig.
<dhr> jbj: thanks.  Does not show what was checked (could add some --query-format, I guess).