From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1 Description of problem: "rpm --checksig filename-with-no-file" is silent. It should complain that the file is missing. There is an indication of failure: rpm --checksig appears to set the exit status to the count of files with problems, including missing files. That is not documented in rpm(8). It is not normal for an exit status to be a count; it is dangerous since the status must be a small integer and could overflow easily. $ rpm --checksig silly ; echo $? 1 $ rpm --checksig silly sally ; echo $? 2 $ rpm --checksig silly sally solly ; echo $? 3 $ rpm --checksig silly sally solly sully ; echo $? 4 $ rpm --checksig silly /dev/null ; echo $? error: /dev/null: not an rpm package 2 Version-Release number of selected component (if applicable): rpm-4.3.2-21 How reproducible: Always Steps to Reproduce: 1. rpm --checksig sillyname 2. echo status $? . Actual Results: output: status 1 Expected Results: error: open of sillyname failed: No such file or directory status 1 Additional info: seems to go back to at least RHL8 (oldest system I have on at the moment). Conversation from #rpm IRC channel: <dhr> I am surprised that "rpm --checksig nonexistent_name" prints no diagnostic. Is this a misfeature? <dhr> I am using rpm-4.3.2-21 on Fedora Core 3. <jbj> dhr: yes, misfeature. meanwhile, --checksig is mostly pointless, signatures are always checked everwhere. and --checksig is popt alias which execs /usr/lib/rpm/rpmk, which is where the misfeature creeps in, pretending that same old, same old, "stuff" is useful. <dhr> I use checksig to verify stuff downloaded to my repository/cache. I don't (immediately) use those rpms in any other way. So checksig appears to be the only sensible choice. <jbj> dhr: rpm -qp mostly same as --checksig. <dhr> jbj: thanks. Does not show what was checked (could add some --query-format, I guess).
Fedora Core 3 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thank you!
This bug/misfeature is still present in F7
I should have mentioned in #2 that I tested with rpm-4.4.2-46.fc7
[jbj@jack ~]$ rpm --checksig silly sally solly sully ; echo $? 4 [jbj@jack ~]$ rpm --version RPM version 5.0
User pnasrat's account has been closed
Reassigning to owner after bugzilla made a mess, sorry about the noise...
[pmatilai@localhost rpm]$ ./rpmk --checksig doesntexist.rpm; echo $? error: doesntexist.rpm: open failed: No such file or directory 1 Fixed upstream now.
rpm-4.4.2.2-2.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update rpm'
rpm-4.4.2.2-2.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.