Bug 147959 - hdrFromFdno fails with NOKEY
Summary: hdrFromFdno fails with NOKEY
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact: Mike McLean
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-02-14 03:17 UTC by Paul Nasrat
Modified: 2014-01-21 22:51 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-02-14 16:27:47 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Paul Nasrat 2005-02-14 03:17:25 UTC
Description of problem:

hdrFromFdno now fails on NOKEY, however it doesn't set the hdr so if you wanted
to have a policy in rpm python application of ignoring key checking you can't
inspect the error type.

Version-Release number of selected component (if applicable):

rpm-4.4.1-0.22


How reproducible:

Always

Steps to Reproduce:

rpm -E '%_hkp_keyserver'
%{unknown_macro}

generate key not imported to rpmdb/erase your signing key from rpmdb

rpm --resign simple-1.0-1.noarch.rpm
run test script

#!/usr/bin/python
import rpm,os,sys

ts = rpm.ts()
f = os.open("simple-1.0-1.noarch.rpm", os.O_RDONLY)

h = ts.hdrFromFdno(f)
os.close(f)
  
Actual results:

warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 831ffbca
Traceback (most recent call last):
  File "testrpm.py", line 8, in ?
    h = ts.hdrFromFdno(f)
_rpm.error: public key not available


Expected results:

Works or definable policy with NOKEY handling

Additional info:

Comment 1 Mike McLean 2005-02-14 15:44:15 UTC
Is ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES) not sufficient here?

Comment 2 Jeff Johnson 2005-02-14 16:27:47 UTC
Disabling keyserver lookup is probably the easiest fix. used addMacro
method to define
    %_hkp_keyserver  %{nil}

ts.setVSFlags() is sufficient only until the method goes away so
that rpm has a globally enforcing, not application specific,
signature checking policy.
    


Note You need to log in before you can comment on or make changes to this bug.