Bug 65494

Summary: rpm doesn't recognize --nopgp and --nogpg options
Product: [Retired] Red Hat Raw Hide Reporter: Need Real Name <kimiko>
Component: rpmAssignee: Jeff Johnson <jbj>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 1.0   
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-05-25 17:24:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Need Real Name 2002-05-25 17:24:19 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.1 (X11; Linux i686; U;) Gecko/20020417

Description of problem:
The man page says rpm should accept the --nopgp and --nogpg options to disable
those tests when checking the signature of a package. The --help option doesn't
list them though and rpm gives an error when they are added on the commandline.

Version-Release number of selected component (if applicable):
rpm-4.1-0.15

How reproducible:
Always

Steps to Reproduce:
rpm --checksig --nopgp [some_package]
or rpm --checksig --nogpg [some_package]
	

Actual Results:  rpm responds with "--nopgp: unknown option" or "--nogpg:
unknown option", without checking the package's signature

Expected Results:  rpm should check the package without using the PGP or GPG tests

Additional info:
Interestingly, if the --no{pgp,gpg} options are omitted to avoid this error,
some packages fail the signature check because of 'missing keys'. It seems that
those packages, although valid, can not pass the check, either because rpm stops
with this error, or because it can not check the GPG or PGP keys.

Comment 1 Jeff Johnson 2002-05-25 17:57:57 UTC
rpm-4.1 does not use gpg/pgp for signature
verification. Yes, the doco needs to be updated,
I'll get there when I get there.