Description of problem: searching for the --checksig and the --import options of the rpm command, but both "man rpm" and "rpm --help" say nothing to these options. Version-Release number of selected component (if applicable): rpm-4.9.0-6.fc15.x86_64 How reproducible: always Steps to Reproduce: 1.man rpm 2. 3. Actual results: neither --import nor --checksig option description Expected results: option description Additional info:
Both options have moved to a new 'rpmkeys' utility (which is mentioned in the "see also" section of the manual). They appear to work with the main rpm executable only because there are backwards-compatibility popt-aliases.
(In reply to comment #1) > Both options have moved to a new 'rpmkeys' utility (which is mentioned in the > "see also" section of the manual). They appear to work with the main rpm > executable only because there are backwards-compatibility popt-aliases. Thank you for clarification :-) JB
It is odd that a separate utility is needed for these operations. But anyways, there is still something inconsistent with man an rpm behavior. `man rpm' shows: QUERYING AND VERIFYING PACKAGES: rpm {-q|--query} [select-options] [query-options] rpm {-V|--verify} [select-options] [verify-options] rpm [--nosignature] [--nodigest] PACKAGE_FILE ... Now if I try the third construct I see this: $ rpm /var/cache/yum/x86_64/18/updates-testing/packages/firewall-applet-0.2.11-2.fc18.noarch.rpm RPM version 4.10.2 Copyright (C) 1998-2002 - Red Hat, Inc. This program may be freely redistributed under the terms of the GNU GPL Usage: rpm [-aKfgpqVcdilsiv?] [-a|--all] [-f|--file] [-g|--group] [-p|--package] [--pkgid] [--hdrid] [--triggeredby] [--whatrequires] [--whatprovides] [--nomanifest] [-c|--configfiles] [-d|--docfiles] [--dump] [-l|--list] [--queryformat=QUERYFORMAT] [-s|--state] [--nofiledigest] [--nofiles] [--nodeps] [--noscript] [--allfiles] [--allmatches] [--badreloc] [-e|--erase <package>+] [--excludedocs] [--excludepath=<path>] [--force] [-F|--freshen <packagefile>+] [-h|--hash] [--ignorearch] [--ignoreos] [--ignoresize] [-i|--install] [--justdb] [--nodeps] [--nofiledigest] [--nocontexts] [--noorder] [--noscripts] [--notriggers] [--nocollections] [--oldpackage] [--percent] [--prefix=<dir>] [--relocate=<old>=<new>] [--replacefiles] [--replacepkgs] [--test] [-U|--upgrade <packagefile>+] [-D|--define 'MACRO EXPR'] [--undefine=MACRO] [-E|--eval 'EXPR'] [--macros=<FILE:...>] [--nodigest] [--nosignature] [--rcfile=<FILE:...>] [-r|--root ROOT] [--dbpath=DIRECTORY] [--querytags] [--showrc] [--quiet] [-v|--verbose] [--version] [-?|--help] [--usage] [--scripts] [--setperms] [--setugids] [--conflicts] [--obsoletes] [--provides] [--requires] [--info] [--changelog] [--xml] [--triggers] [--last] [--dupes] [--filesbypkg] [--fileclass] [--filecolor] [--fscontext] [--fileprovide] [--filerequire] [--filecaps] So problems I see here: * the third construct in man pages does not work; but with -K it works * if third construct has to be removed and -K deemed unsupported then `K' needs to be removed from rpm short help IMO keeping the -K and --chaksig options supported is the proper way to go because this method is widely known in RHEL (including v6), fedora documentation and third party documentation. Please don't break script compatibility for no apparent benefit. doc references (just doing a quick search): https://fedoraproject.org/keys http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/RPM_Guide/ch11s04s05.html http://www.rpm.org/max-rpm/ch-rpm-checksig.html https://access.redhat.com/knowledge/es/node/44128 books.google.bg/books?isbn=1590594444 etc. etc.
(In reply to comment #3) > It is odd that a separate utility is needed for these operations. But > anyways, there is still something inconsistent with man an rpm behavior. > > `man rpm' shows: > QUERYING AND VERIFYING PACKAGES: > rpm {-q|--query} [select-options] [query-options] > > rpm {-V|--verify} [select-options] [verify-options] > > rpm [--nosignature] [--nodigest] > PACKAGE_FILE ... [...] > So problems I see here: > * the third construct in man pages does not work; but with -K it works > * if third construct has to be removed and -K deemed unsupported then `K' > needs to be removed from rpm short help The third construct is really just an editing mistake, IIRC the intention was to remove it. Or rather, simply move to rpmkeys(8) manual which is referenced from the main rpm(8) man. Thanks for pointing that out, will fix. > IMO keeping the -K and --chaksig options supported is the proper way to go > because this method is widely known in RHEL (including v6), fedora > documentation and third party documentation. Please don't break script > compatibility for no apparent benefit. That's the reason the popt compatibility aliases exist: to keep existing stuff working. As for the why part: the main rpm executable has too many modes of operation and as a result, way too many switches some of which are ambiguously overloaded. Splitting things allows more room for growth, and allows restricting what the pieces can do: the main rpm executable is "omnipotent" in terms of selinux policy because it has to be able to install and remove anything on the system, whereas eg signature checking and key imports only require read/write access to the keyring (ie rpmdb) and nothing else.
Fixed upstream and likely to get eventually pulled into Fedora via rpm maintenance updates, but hardly worth separetely tracking for a specific Fedora release. Thanks for reporting.