| Summary: | rpm --resign exits on first correctly signed package while it should only skip it | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Tuomo Soini <tis> |
| Component: | rpm | Assignee: | Panu Matilainen <pmatilai> |
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.1 | | |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2011-10-11 05:39:06 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Actually, with the patch signing won't be skipped, package will be resigned.

*** This bug has been marked as a duplicate of bug 707449 ***

Created attachment 527292
Patch which partially fixes the signing already signed packages problem.

rpm-4.8.0 has backported broken change c0aad81e9b17afcbea4008485d354673495eb148 from rpm.org rpm git. That was supposed to fix #488953 but actually introduced even worse regression.

When you try to sign packages in directory like:

    rpm --resign *.rpm

rpm will exit with result code 0 when it finds first package which is correctly signed. This leaves very big possibility that you have dir of packages, only first ones being signed. rpm should actually only skip without modifications already signed packages.

I attach patch which fixes the problem partially by removing the false exit but it doesn't fix the issue completely because even with patch rpm touches packages which were already signed. Correct behaviour would be not to touch packages which have already been correctly signed.
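
Because the failure described above ends with exit code 0, a batch signing run cannot be trusted on its return value alone. The following check is an added example, not part of the original report or of rpm: it lists every package in a directory that carries no signature, or no signature from an expected key. The function names `pkg_signatures` and `audit_signed` are hypothetical, and the script assumes rpm's `:pgpsig` formatter prints `(none)` for an absent signature tag and ends each signature line with `Key ID <hex>`.

```shell
#!/bin/sh
# Added example: verify that a batch signing run left no package unsigned.
# It checks that a signature is present (and which key made it), not that
# the signature verifies; use rpm --checksig for that.

# Print one line per signature tag of a package file.
# Assumption: rpm prints "(none)" for a tag the package does not carry.
pkg_signatures() {
    rpm -qp --qf '%{SIGPGP:pgpsig}\n%{SIGGPG:pgpsig}\n%{RSAHEADER:pgpsig}\n%{DSAHEADER:pgpsig}\n' "$1" 2>/dev/null
}

# audit_signed DIR [KEYID]
# Prints "UNSIGNED <file>" for packages with no signature (or unreadable
# by rpm) and "WRONGKEY <file>" for packages signed by a key other than
# KEYID (matched as a case-insensitive suffix of the key ID).
# Returns 1 if any problem package was found, 0 otherwise.
audit_signed() {
    dir=$1
    keyid=${2:-}
    bad=0
    for pkg in "$dir"/*.rpm; do
        [ -e "$pkg" ] || continue
        # Keep only real signature lines; "|| true" because grep exits 1
        # when nothing is left, which is the unsigned case.
        sigs=$(pkg_signatures "$pkg" | grep -v -e '^(none)$' -e '^$' || true)
        if [ -z "$sigs" ]; then
            echo "UNSIGNED $pkg"
            bad=1
        elif [ -n "$keyid" ] &&
             ! printf '%s\n' "$sigs" | grep -qi "Key ID [0-9a-f]*$keyid\$"; then
            echo "WRONGKEY $pkg"
            bad=1
        fi
    done
    return "$bad"
}
```

Calling `audit_signed . <keyid>` after `rpm --resign *.rpm` and failing the build on a non-zero return catches a directory in which only the first packages were processed.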