Bug 89775
Summary: | "rpm --import" with multiple keys causes severe problems | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | James Ralston <ralston> |
Component: | rpm | Assignee: | Jeff Johnson <jbj> |
Status: | CLOSED WONTFIX | QA Contact: | Mike McLean <mikem> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 9 | CC: | barryn, mitr, scop, wtogami |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-08-06 13:09:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
James Ralston
2003-04-28 06:56:27 UTC
The database is not corrupted, signatures on headers are failing to verify. Yes, --rebuilddb will skip all headers whose signatures fail to verify. This is deemed a feature, but I can see why you would disagree. Don't do that is basically the answer. Keyring management is up to the user. You can reconstruct the database from the list of packages that were installed located in /var/log/rpmpkgs. Download, rename /var/lib/rpm/Packages, and then install with rpm -Uvh --justdb --noscripts --notriggers --nodeps --noorder *.rpm Deferred to somewhen for multiple pubkey imports. We can argue about whether the database was technically "corrupted" or not, but it's irrelevant: from my point of view, I performed a reasonable operation, and as a result, the RPM database was left in a state where it was useless, and virtually no operations on it succeeded. The most reasonable step I thought of to try next (running --rebuilddb), for all intents and purposes, COMPLETELY DESTROYED the database. Metaphorically speaking, I was driving down the road in my car, and when I attempted to open my sunroof and roll down the window at the same time, my car died. I pulled it off to the side of the road, and when I pulled the hood release, my car exploded in a massive fireball, leaving only a few scraps of rubber behind. I'm not asking you to put my car back together--I did that already. ;) Similarly, I don't need to hear "don't do that", as I already learned that the hard way. I'm asking you to push out an errata update of RPM that, at a minimum, bails out with an error message if the user tries to import multiple public keys at the same time. In other words, don't tell people "don't do that"; make rpm tell people "I'm sorry Dave, but I can't let you do that." Because, IMHO, this bug isn't just a minor inconvenience; it's a hidden pit with big sharp spikes in the bottom. No. I tested this again on rpm-4.2-0.69 (on RHL9), and it appears that --import will only take the first key out of the file, thereby avoiding this problem. Unless someone wants this bug to be open (I wasn't the one who re-opened it), I will go ahead and close it out within the next few days. |