Bug 147959 - hdrFromFdno fails with NOKEY
hdrFromFdno fails with NOKEY
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: rpm (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Johnson
Mike McLean
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-13 22:17 EST by Paul Nasrat
Modified: 2014-01-21 17:51 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-14 11:27:47 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Paul Nasrat 2005-02-13 22:17:25 EST
Description of problem:

hdrFromFdno now fails on NOKEY, however it doesn't set the hdr so if you wanted
to have a policy in rpm python application of ignoring key checking you can't
inspect the error type.

Version-Release number of selected component (if applicable):

rpm-4.4.1-0.22


How reproducible:

Always

Steps to Reproduce:

rpm -E '%_hkp_keyserver'
%{unknown_macro}

generate key not imported to rpmdb/erase your signing key from rpmdb

rpm --resign simple-1.0-1.noarch.rpm
run test script

#!/usr/bin/python
import rpm,os,sys

ts = rpm.ts()
f = os.open("simple-1.0-1.noarch.rpm", os.O_RDONLY)

h = ts.hdrFromFdno(f)
os.close(f)
  
Actual results:

warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 831ffbca
Traceback (most recent call last):
  File "testrpm.py", line 8, in ?
    h = ts.hdrFromFdno(f)
_rpm.error: public key not available


Expected results:

Works or definable policy with NOKEY handling

Additional info:
Comment 1 Mike McLean 2005-02-14 10:44:15 EST
Is ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES) not sufficient here?
Comment 2 Jeff Johnson 2005-02-14 11:27:47 EST
Disabling keyserver lookup is probably the easiest fix. used addMacro
method to define
    %_hkp_keyserver  %{nil}

ts.setVSFlags() is sufficient only until the method goes away so
that rpm has a globally enforcing, not application specific,
signature checking policy.
    

Note You need to log in before you can comment on or make changes to this bug.