Bug 155079 - rpm --checksig silently ignores nonexistent files
rpm --checksig silently ignores nonexistent files
Product: Fedora
Classification: Fedora
Component: rpm (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Panu Matilainen
Depends On:
  Show dependency treegraph
Reported: 2005-04-15 20:44 EDT by D. Hugh Redelmeier
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-10-24 03:14:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description D. Hugh Redelmeier 2005-04-15 20:44:44 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
"rpm --checksig filename-with-no-file" is silent.  It should complain that the file is missing.

There is an indication of failure: rpm --checksig appears to set the exit status to the count of files with problems, including missing files.  That is not documented in rpm(8).  It is not normal for an exit status to be a count; it is dangerous since the status must be a small integer and could overflow easily.

$ rpm --checksig silly ; echo $?
$ rpm --checksig silly sally ; echo $?
$ rpm --checksig silly sally solly ; echo $?
$ rpm --checksig silly sally solly sully ; echo $?
$ rpm --checksig silly /dev/null ; echo $?
error: /dev/null: not an rpm package

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  rpm --checksig sillyname
2.  echo status $?

Actual Results:  output:
status 1

Expected Results:  error: open of sillyname failed: No such file or directory
status 1

Additional info:

seems to go back to at least RHL8 (oldest system I have on at the moment).

Conversation from #rpm IRC channel:
<dhr> I am surprised that "rpm --checksig nonexistent_name" prints no diagnostic.  Is this a misfeature?
<dhr> I am using rpm-4.3.2-21 on Fedora Core 3.
<jbj> dhr: yes, misfeature. meanwhile, --checksig is mostly pointless, signatures are always checked everwhere. and --checksig is popt alias which execs /usr/lib/rpm/rpmk, which is where the misfeature creeps in, pretending that same old, same old, "stuff" is useful.
<dhr> I use checksig to verify stuff downloaded to my repository/cache.  I don't (immediately) use those rpms in any other way.  So checksig appears to be the only sensible choice.
<jbj> dhr: rpm -qp mostly same as --checksig.
<dhr> jbj: thanks.  Does not show what was checked (could add some --query-format, I guess).
Comment 1 Matthew Miller 2006-07-10 19:23:13 EDT
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!
Comment 2 D. Hugh Redelmeier 2007-07-05 10:45:09 EDT
This bug/misfeature is still present in F7
Comment 3 D. Hugh Redelmeier 2007-07-05 10:52:52 EDT
I should have mentioned in #2 that I tested with rpm-4.4.2-46.fc7
Comment 4 Jeff Johnson 2007-07-05 11:31:36 EDT
[jbj@jack ~]$ rpm --checksig silly sally solly sully ; echo $?
[jbj@jack ~]$ rpm --version
RPM version 5.0

Comment 5 Red Hat Bugzilla 2007-08-21 01:19:53 EDT
User pnasrat@redhat.com's account has been closed
Comment 6 Panu Matilainen 2007-08-22 02:31:54 EDT
Reassigning to owner after bugzilla made a mess, sorry about the noise...
Comment 7 Panu Matilainen 2007-09-04 03:24:54 EDT
[pmatilai@localhost rpm]$ ./rpmk --checksig doesntexist.rpm; echo $?
error: doesntexist.rpm: open failed: No such file or directory

Fixed upstream now.
Comment 8 Fedora Update System 2007-10-12 16:02:34 EDT
rpm- has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update rpm'
Comment 9 Fedora Update System 2007-10-24 03:13:54 EDT
rpm- has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.