Bug 70366

Summary: --checksig, no key, corrupted key# output
Product: [Retired] Red Hat Public Beta
Component: rpm
Version: limbo
Hardware: i386
OS: Linux
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Reporter: Michael Schwendt <bugs.michael>
Assignee: Jeff Johnson <jbj>
Last Closed: 2002-08-02 17:51:23 UTC
Doc Type: Bug Fix
Bug Blocks: 67218
Attachments: demonstration

Description Michael Schwendt 2002-07-31 20:37:10 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020724

Description of problem:
Upon verifying the most recent Valhalla errata package release with rpm
--checksig, I used my Limbo beta2 test machine accidentally. It doesn't have Red
Hat's GPG public key installed and weird output was the result.

Steps to Reproduce:
1. rpm --checksig mm*.rpm
	

Actual Results:  [This is cut'n'paste mess, of course. You get the idea
nevertheless, I think. :)  In console it looks different. ]

mm-1.1.3-8.i386.rpm: md5 (GPG) NOT OK (MISSING KEYS:
GPG#db42a60eH@&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;) 
mm-devel-1.1.3-8.i386.rpm: md5 (GPG) NOT OK (MISSING KEYS:
GPG#db42a60eH@&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;) 


Expected Results:

mm-1.1.3-8.i386.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#DB42A60E) 
mm-devel-1.1.3-8.i386.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#DB42A60E) 


Version-Release number of selected component (if applicable):
4.1-0.57

How reproducible:
Always

Comment 1 Jeff Johnson 2002-08-02 12:58:18 UTC
WORKSFORME, rpm-4.1-0.63:
bash$ rpm --checksig mm-*
mm-1.1.3-8.i386.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#db42a60e) 
mm-devel-1.1.3-8.i386.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#db42a60e) 

But then I can't tell what you have cut and pasted above.

Comment 2 Michael Schwendt 2002-08-02 14:47:31 UTC
"WORKSFORME"? Yeah, probably because you are using a newer version of RPM than I
have reported.

That's one reason why I dislike submitting bug reports sometimes.

Can anything between 0.57 and 0.63 be tracked down as having fixed this bug?

Please verify with:

> Version-Release number of selected component (if applicable):
> 4.1-0.57


Comment 3 Jeff Johnson 2002-08-02 14:54:14 UTC
What would you suggest as an adequate test?
I've already reproduced the problem as WORKSFORME
with rpm-4.1-0.63.

I have no idea (because of cut-n-paste damage)
what problem I'm trying to do a regression on.

Comment 4 Michael Schwendt 2002-08-02 14:59:17 UTC
An adequate test would be to verify my bug report with 4.1-0.57 and then check
the changelog of newer versions on whether there was any issue like that. If
nothing has been tracked as having fixed this, it might come back later. And in
case simple rebuilding of rpm 4.1-0.57 would have helped, too, the proper
resolution would be "FIXED".

[I'm currently downloading the 4.1-0.63 RPM from Raw Hide to verify the resolution.]


Comment 5 Jeff Johnson 2002-08-02 15:12:18 UTC
WORKSFORME with rpm-4.1-0.57:

bash$ sudo rpm -Uvh --oldpackage *
warning: popt-1.7-0.57.i386.rpm: Header V3 DSA signature: NOKEY, key ID 897da07a
Preparing...                ########################################### [100%]
   1:popt                   ########################################### [ 20%]
   2:rpm                    ########################################### [ 40%]
   3:rpm-build              ########################################### [ 60%]
   4:rpm-devel              ########################################### [ 80%]
   5:rpm-python             ########################################### [100%]
...
bash$ rpm -Kvv mm*
D: Expected size:        15223 = lead(96)+sigs(181)+pad(3)+data(14943)
D:   Actual size:        15223
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
D: ========== DSA pubkey id 219180cddb42a60e
mm-1.1.3-8.i386.rpm:
    MD5 digest: OK (37e09fa1afba30d4c786de4114973abb)
    V3 DSA signature: BAD, key ID db42a60e
D: Expected size:        26766 = lead(96)+sigs(181)+pad(3)+data(26486)
D:   Actual size:        26766
mm-devel-1.1.3-8.i386.rpm:
    MD5 digest: OK (a207b10488b2f7008a40cd000b83296c)
    V3 DSA signature: BAD, key ID db42a60e
D: closed   db index       /var/lib/rpm/Pubkeys
D: closed   db index       /var/lib/rpm/Packages

bash$ rpm --version
RPM version 4.1
bash$ rpm -q rpm
rpm-4.1-0.57

There are no (rpm anyways) pertinent changes since -0.57

Starting to smell like locales are involved, however.




Comment 6 Jeff Johnson 2002-08-02 15:17:03 UTC
Note that the "BAD" signature verification is from
having a signed pubkey (that is V4, rpm does not handle
V4 OpenPGP keys) installed ATM.

Comment 7 Michael Schwendt 2002-08-02 15:17:57 UTC
I'll look into that and try to come up with a better test-case. First I'll need
to recover from the following Raw Hide trap: ;)

# rpm -Uvh --oldpackage rpm-4.1-0.57.i386.rpm 
warning: rpm-4.1-0.57.i386.rpm: Header V3 DSA signature: NOKEY, key ID 897da07a
Preparing...                ########################################### [100%]
        package rpm-4.1-0.57 is intended for a i386 architecture

Comment 8 Michael Schwendt 2002-08-02 15:37:11 UTC
Created attachment 68484
demonstration

Comment 9 Jeff Johnson 2002-08-02 16:09:34 UTC
Got it, 8 bytes copied, 4 bytes were available, if 5th
byte happens to be '\0' it happens to work.

Fix should be in rpm-4.1-0.66 when built.

Thanks for the patience. The other problem, misidentifying
an athlon with CMOV as "i786" is already fixed. You
can work around by doing

	echo "athlon-redhat-linux-gnu" > /etc/rpm/platform

Comment 10 Jeff Johnson 2002-08-02 16:24:20 UTC
Hmmm no I don't got it either, I forgot
the hex conversion.

FWIW, strstr and stpncpy are being used
to scrape the keyid out of an output
buffer, all this code is very ick.

Ahhh, there it is, stpncpy is not copying
the final '\0'
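
The failure mode named in Comment 10, reconstructed as an added example (it is not rpm's code and not part of the original thread): a key ID is located with strstr() and copied with a fixed-count stpncpy(), which writes no terminator, next to a form that checks the length and terminates explicitly. The marker string, the sample line and all function names are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* stpncpy() is POSIX.1-2008 */
#include <stdio.h>
#include <string.h>

#define KEYID_HEX 8               /* short key ID: 8 hex digits */
#define MARKER "key ID "          /* assumed marker preceding the ID */
/* Constructed sample of the text being scraped (not captured output). */
static const char SAMPLE[] = "V3 DSA signature: NOKEY, key ID db42a60e\n";

/* Pattern from Comment 10: strstr() finds the ID, stpncpy() copies a fixed
 * count. With >= 8 source bytes left, 8 are copied and no '\0' is written. */
static size_t scrape_unterminated(const char *out, char *dst)
{
    const char *p = strstr(out, MARKER);
    return p ? (size_t)(stpncpy(dst, p + strlen(MARKER), KEYID_HEX) - dst) : 0;
}

/* Corrected form: require 8 hex digits and room for the terminator. */
static int scrape_keyid(const char *out, char *dst, size_t dstlen)
{
    const char *p = strstr(out, MARKER);
    if (p == NULL || dstlen < KEYID_HEX + 1)
        return -1;
    p += strlen(MARKER);
    if (strspn(p, "0123456789abcdefABCDEF") < KEYID_HEX)
        return -1;                /* fewer than 8 hex digits available */
    memcpy(dst, p, KEYID_HEX);
    dst[KEYID_HEX] = '\0';
    return 0;
}

/* Run the unterminated copy into a buffer pre-filled with non-zero bytes
 * (stand-in for stale memory); the last byte stays '\0' to bound the read. */
static size_t stale_buffer_strlen(void)
{
    char buf[16];
    memset(buf, '?', sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    scrape_unterminated(SAMPLE, buf);
    return strlen(buf);           /* key ID followed by the stale bytes */
}

int main(void)
{
    char id[KEYID_HEX + 1] = "";
    int rc = scrape_keyid(SAMPLE, id, sizeof id);
    printf("unterminated: %zu chars, fixed: GPG#%s\n", stale_buffer_strlen(), id);
    return rc != 0;
}
```

Whether the unterminated copy prints correctly depends only on whether the byte after the eighth character happens to be zero, which is why the same package version behaved differently on two machines.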

Comment 11 Michael Schwendt 2002-08-02 17:52:04 UTC
Ok, rpm-4.1-0.66 then. :)