Bug 40088 - RFE: Add RPM verification
Summary: RFE: Add RPM verification
Status: CLOSED DUPLICATE of bug 40045
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: installer   
(Show other bugs)
Version: 7.1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Brent Fox
QA Contact: Brock Organ
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2001-05-10 15:29 UTC by Patrick C. F. Ernzer
Modified: 2007-04-18 16:33 UTC (History)
0 users

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-05-14 19:12:16 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Patrick C. F. Ernzer 2001-05-10 15:29:15 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.2-2 i686; en-US; rv:0.9)

Description of problem:
It would be really nice if the installer could verify RPM files before
installing them and issue an error if the verification fails

How reproducible:

Steps to Reproduce:
1. give the installer one or more RPMs that are broken (GPG or MD5 NOT OK)
2. install
3. installer accepts the file

Actual Results:  Potential to install broken RPMs

Expected Results:  A dialog along these lines, an option for kickstart and
an entry in the install.log

The package <name> failed verification.
What do you want to do?
'Skip the package', 'Try again', 'Install anyway'

Additional info:

Comment 1 Brent Fox 2001-05-14 19:12:11 UTC

*** This bug has been marked as a duplicate of 40045 ***

Comment 2 Patrick C. F. Ernzer 2001-08-27 16:32:18 UTC
While I agree with your comment in bug 40045 that giving the user any options is
problematic, I would still like to see the addition of a 'rpm --checksig' for
each package prior to installation of the package so that we do not install
broken packages. Even if this means bailing out of anaconda on failure.

Note You need to log in before you can comment on or make changes to this bug.