Red Hat Bugzilla – Bug 40088
RFE: Add RPM verification
Last modified: 2007-04-18 12:33:10 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.2-2 i686; en-US; rv:0.9)
Description of problem:
It would be really nice if the installer could verify RPM files before
installing them and issue an error if the verification fails
Steps to Reproduce:
1. give the installer one or more RPMs that are broken (GPG or MD5 NOT OK)
3. installer accepts the file
Actual Results: Potential to install broken RPMs
Expected Results: A dialog along these lines, an option for kickstart and
an entry in the install.log
The package <name> failed verification.
What do you want to do?
'Skip the package', 'Try again', 'Install anyway'
*** This bug has been marked as a duplicate of 40045 ***
While I agree with your comment in bug 40045 that giving the user any options is
problematic, I would still like to see the addition of a 'rpm --checksig' for
each package prior to installation of the package so that we do not install
broken packages. Even if this means bailing out of anaconda on failure.