Bug 70366 - --checksig, no key, corrupted key# output
Status: CLOSED RAWHIDE
Product: Red Hat Public Beta
Classification: Retired
Component: rpm
Version: limbo
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Jeff Johnson
Blocks: 67218
Reported: 2002-07-31 16:37 EDT by Michael Schwendt
Modified: 2008-05-01 11:38 EDT
Doc Type: Bug Fix
Last Closed: 2002-08-02 13:51:23 EDT

Attachments
demonstration (18.07 KB, image/png)
2002-08-02 11:37 EDT, Michael Schwendt
Description Michael Schwendt 2002-07-31 16:37:10 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020724

Description of problem:
Upon verifying the most recent Valhalla errata package release with rpm
--checksig, I used my Limbo beta2 test machine accidentally. It doesn't have Red
Hat's GPG public key installed and weird output was the result.

Steps to Reproduce:
1. rpm --checksig mm*.rpm
	

Actual Results:  [This is cut'n'paste mess, of course. You get the idea
nevertheless, I think. :)  In console it looks different. ]

mm-1.1.3-8.i386.rpm: md5 (GPG) NOT OK (MISSING KEYS:
GPG#db42a60eH@�������) 
mm-devel-1.1.3-8.i386.rpm: md5 (GPG) NOT OK (MISSING KEYS:
GPG#db42a60eH@�������) 


Expected Results:

mm-1.1.3-8.i386.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#DB42A60E) 
mm-devel-1.1.3-8.i386.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#DB42A60E) 


Version-Release number of selected component (if applicable):
4.1-0.57

How reproducible:
Always
Comment 1 Jeff Johnson 2002-08-02 08:58:18 EDT
WORKSFORME, rpm-4.1-0.63:
bash$ rpm --checksig mm-*
mm-1.1.3-8.i386.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#db42a60e) 
mm-devel-1.1.3-8.i386.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#db42a60e) 

But then I can't tell what you have cut and pasted above.
Comment 2 Michael Schwendt 2002-08-02 10:47:31 EDT
"WORKSFORME"? Yeah, probably because you are using a newer version of RPM than I
have reported.

That's one reason why I dislike submitting bug reports sometimes.

Can anything between 0.57 and 0.63 be tracked down as having fixed this bug?

Please verify with:

> Version-Release number of selected component (if applicable):
> 4.1-0.57
Comment 3 Jeff Johnson 2002-08-02 10:54:14 EDT
What would you suggest as an adequate test?
I've already reproduced the problem as WORKSFORME
with rpm-4.1-0.63.

I have no idea (because of cut-n-paste damage)
what problem I'm trying to do a regression on.
Comment 4 Michael Schwendt 2002-08-02 10:59:17 EDT
An adequate test would be to verify my bug report with 4.1-0.57 and then check
the changelog of newer versions on whether there was any issue like that. If
nothing has been tracked as having fixed this, it might come back later. And in
case simple rebuilding of rpm 4.1-0.57 would have helped, too, the proper
resolution would be "FIXED".

[I'm currently downloading the 4.1-0.63 RPM from Raw Hide to verify the resolution.]
Comment 5 Jeff Johnson 2002-08-02 11:12:18 EDT
WORKSFORME with rpm-4.1-0.57:

bash$ sudo rpm -Uvh --oldpackage *
warning: popt-1.7-0.57.i386.rpm: Header V3 DSA signature: NOKEY, key ID 897da07a
Preparing...                ########################################### [100%]
   1:popt                   ########################################### [ 20%]
   2:rpm                    ########################################### [ 40%]
   3:rpm-build              ########################################### [ 60%]
   4:rpm-devel              ########################################### [ 80%]
   5:rpm-python             ########################################### [100%]
...
bash$ rpm -Kvv mm*
D: Expected size:        15223 = lead(96)+sigs(181)+pad(3)+data(14943)
D:   Actual size:        15223
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
D: ========== DSA pubkey id 219180cddb42a60e
mm-1.1.3-8.i386.rpm:
    MD5 digest: OK (37e09fa1afba30d4c786de4114973abb)
    V3 DSA signature: BAD, key ID db42a60e
D: Expected size:        26766 = lead(96)+sigs(181)+pad(3)+data(26486)
D:   Actual size:        26766
mm-devel-1.1.3-8.i386.rpm:
    MD5 digest: OK (a207b10488b2f7008a40cd000b83296c)
    V3 DSA signature: BAD, key ID db42a60e
D: closed   db index       /var/lib/rpm/Pubkeys
D: closed   db index       /var/lib/rpm/Packages

bash$ rpm --version
RPM version 4.1
bash$ rpm -q rpm
rpm-4.1-0.57

There are no (rpm anyways) pertinent changes since -0.57

Starting to smell like locales are involved, however.


Comment 6 Jeff Johnson 2002-08-02 11:17:03 EDT
Note that the "BAD" signature verification is from
having a signed pubkey (that is V4, rpm does not handle
V4 OpenPGP keys) installed ATM.
Comment 7 Michael Schwendt 2002-08-02 11:17:57 EDT
I'll look into that and try to come up with a better test-case. First I'll need
to recover from the following Raw Hide trap: ;)

# rpm -Uvh --oldpackage rpm-4.1-0.57.i386.rpm 
warning: rpm-4.1-0.57.i386.rpm: Header V3 DSA signature: NOKEY, key ID 897da07a
Preparing...                ########################################### [100%]
        package rpm-4.1-0.57 is intended for a i386 architecture
Comment 8 Michael Schwendt 2002-08-02 11:37:11 EDT
Created attachment 68484 [details]
demonstration
Comment 9 Jeff Johnson 2002-08-02 12:09:34 EDT
Got it, 8 bytes copied, 4 bytes were available, if 5th
byte happens to be '\0' it happens to work.

Fix should be in rpm-4.1-0.66 when built.

Thanks for the patience. The other problem, misidentifying
an athlon with CMOV as "i786" is already fixed. You
can work around by doing

	echo "athlon-redhat-linux-gnu" > /etc/rpm/platform
Comment 10 Jeff Johnson 2002-08-02 12:24:20 EDT
Hmmm no I don't got it either, I forgot
the hex conversion.

FWIW, strstr and stpncpy are being used
to scrape the keyid out of an output
buffer, all this code is very ick.

Ahhh, there it is, stpncpy is not copying
the final '\0'
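
The defect diagnosed in Comment 10, shown as an added example that is not rpm's own source: stpncpy() copies exactly n bytes and writes no terminator when the source is at least n bytes long, so the key ID runs on into stale bytes. The `key ID ` marker, the buffer sizes and the function names are assumptions, and the sample line is constructed to match the output quoted earlier in this thread.

```c
#define _GNU_SOURCE              /* stpncpy() declaration on older glibc */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define KEYID_LEN 8              /* short key ID, 8 hex digits */
/* Constructed sample shaped like the verifier output quoted in this thread. */
static const char SAMPLE[] = "    V3 DSA signature: BAD, key ID db42a60e\n";

/* Buggy pattern: the source is longer than n, so stpncpy() copies exactly
 * n bytes and writes no '\0'; dst keeps whatever bytes followed. */
static void keyid_buggy(const char *out, char *dst)
{
    const char *p = strstr(out, "key ID ");
    if (p != NULL)
        stpncpy(dst, p + 7, KEYID_LEN);
}

/* Fixed: require room for the terminator, accept only hex digits, and
 * terminate at the pointer stpncpy() returns. Returns 0 on success. */
static int keyid_fixed(const char *out, char *dst, size_t dstlen)
{
    const char *p = strstr(out, "key ID ");
    if (p == NULL || dstlen < KEYID_LEN + 1)
        return -1;
    for (size_t i = 0; i < KEYID_LEN; i++)
        if (!isxdigit((unsigned char)p[7 + i]))
            return -1;
    *stpncpy(dst, p + 7, KEYID_LEN) = '\0';
    return 0;
}

/* Run either variant on a buffer pre-filled with stale bytes (standing in
 * for old stack contents) and report the resulting string length. */
static size_t demo_len(int fixed)
{
    char buf[16];
    memset(buf, '#', sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';          /* keeps strlen() well defined */
    if (fixed)
        keyid_fixed(SAMPLE, buf, sizeof buf);
    else
        keyid_buggy(SAMPLE, buf);
    return strlen(buf);
}

int main(void)
{
    printf("buggy: %zu bytes, fixed: %zu bytes\n", demo_len(0), demo_len(1));
    return 0;
}
```

The buggy variant leaves the 8 hex digits followed by the 7 stale bytes already in the buffer, which is the trailing garbage in the report's "Actual Results"; the fixed variant yields exactly 8.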
Comment 11 Michael Schwendt 2002-08-02 13:52:04 EDT
Ok, rpm-4.1-0.66 then. :)
