Bug 708734
| Summary: | the rpm man page says nothing about --import and nothing about --checksig | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Joachim Backes <joachim.backes> |
| Component: | rpm | Assignee: | Panu Matilainen <pmatilai> |
| Status: | CLOSED UPSTREAM | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 18 | CC: | akostadi, ffesti, jnovy, pmatilai |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-03-27 07:46:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Joachim Backes
2011-05-29 08:42:06 UTC
Both options have moved to a new 'rpmkeys' utility (which is mentioned in the "see also" section of the manual). They appear to work with the main rpm executable only because there are backwards-compatibility popt-aliases. (In reply to comment #1) > Both options have moved to a new 'rpmkeys' utility (which is mentioned in the > "see also" section of the manual). They appear to work with the main rpm > executable only because there are backwards-compatibility popt-aliases. Thank you for clarification :-) JB It is odd that a separate utility is needed for these operations. But anyways, there is still something inconsistent with man an rpm behavior.
`man rpm' shows:
QUERYING AND VERIFYING PACKAGES:
rpm {-q|--query} [select-options] [query-options]
rpm {-V|--verify} [select-options] [verify-options]
rpm [--nosignature] [--nodigest]
PACKAGE_FILE ...
Now if I try the third construct I see this:
$ rpm /var/cache/yum/x86_64/18/updates-testing/packages/firewall-applet-0.2.11-2.fc18.noarch.rpm
RPM version 4.10.2
Copyright (C) 1998-2002 - Red Hat, Inc.
This program may be freely redistributed under the terms of the GNU GPL
Usage: rpm [-aKfgpqVcdilsiv?] [-a|--all] [-f|--file] [-g|--group] [-p|--package]
[--pkgid] [--hdrid] [--triggeredby] [--whatrequires]
[--whatprovides] [--nomanifest] [-c|--configfiles] [-d|--docfiles]
[--dump] [-l|--list] [--queryformat=QUERYFORMAT] [-s|--state]
[--nofiledigest] [--nofiles] [--nodeps] [--noscript] [--allfiles]
[--allmatches] [--badreloc] [-e|--erase <package>+] [--excludedocs]
[--excludepath=<path>] [--force] [-F|--freshen <packagefile>+]
[-h|--hash] [--ignorearch] [--ignoreos] [--ignoresize] [-i|--install]
[--justdb] [--nodeps] [--nofiledigest] [--nocontexts] [--noorder]
[--noscripts] [--notriggers] [--nocollections] [--oldpackage]
[--percent] [--prefix=<dir>] [--relocate=<old>=<new>]
[--replacefiles] [--replacepkgs] [--test]
[-U|--upgrade <packagefile>+] [-D|--define 'MACRO EXPR']
[--undefine=MACRO] [-E|--eval 'EXPR'] [--macros=<FILE:...>]
[--nodigest] [--nosignature] [--rcfile=<FILE:...>] [-r|--root ROOT]
[--dbpath=DIRECTORY] [--querytags] [--showrc] [--quiet]
[-v|--verbose] [--version] [-?|--help] [--usage] [--scripts]
[--setperms] [--setugids] [--conflicts] [--obsoletes] [--provides]
[--requires] [--info] [--changelog] [--xml] [--triggers] [--last]
[--dupes] [--filesbypkg] [--fileclass] [--filecolor] [--fscontext]
[--fileprovide] [--filerequire] [--filecaps]
So problems I see here:
* the third construct in man pages does not work; but with -K it works
* if third construct has to be removed and -K deemed unsupported then `K' needs to be removed from rpm short help
IMO keeping the -K and --chaksig options supported is the proper way to go because this method is widely known in RHEL (including v6), fedora documentation and third party documentation. Please don't break script compatibility for no apparent benefit.
doc references (just doing a quick search):
https://fedoraproject.org/keys
http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/RPM_Guide/ch11s04s05.html
http://www.rpm.org/max-rpm/ch-rpm-checksig.html
https://access.redhat.com/knowledge/es/node/44128
books.google.bg/books?isbn=1590594444
etc. etc.
(In reply to comment #3) > It is odd that a separate utility is needed for these operations. But > anyways, there is still something inconsistent with man an rpm behavior. > > `man rpm' shows: > QUERYING AND VERIFYING PACKAGES: > rpm {-q|--query} [select-options] [query-options] > > rpm {-V|--verify} [select-options] [verify-options] > > rpm [--nosignature] [--nodigest] > PACKAGE_FILE ... [...] > So problems I see here: > * the third construct in man pages does not work; but with -K it works > * if third construct has to be removed and -K deemed unsupported then `K' > needs to be removed from rpm short help The third construct is really just an editing mistake, IIRC the intention was to remove it. Or rather, simply move to rpmkeys(8) manual which is referenced from the main rpm(8) man. Thanks for pointing that out, will fix. > IMO keeping the -K and --chaksig options supported is the proper way to go > because this method is widely known in RHEL (including v6), fedora > documentation and third party documentation. Please don't break script > compatibility for no apparent benefit. That's the reason the popt compatibility aliases exist: to keep existing stuff working. As for the why part: the main rpm executable has too many modes of operation and as a result, way too many switches some of which are ambiguously overloaded. Splitting things allows more room for growth, and allows restricting what the pieces can do: the main rpm executable is "omnipotent" in terms of selinux policy because it has to be able to install and remove anything on the system, whereas eg signature checking and key imports only require read/write access to the keyring (ie rpmdb) and nothing else. Fixed upstream and likely to get eventually pulled into Fedora via rpm maintenance updates, but hardly worth separetely tracking for a specific Fedora release. Thanks for reporting. |