744880 – rpm --resign exits on first correctly signed package while it should only skipt it

Bug 744880 - rpm --resign exits on first correctly signed package while it should only skipt it

Summary: rpm --resign exits on first correctly signed package while it should only ski...

Keywords:
Status:	CLOSED DUPLICATE of bug 707449
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	rpm
Sub Component:
Version:	6.1
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Panu Matilainen
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-10-10 18:39 UTC by Tuomo Soini
Modified:	2011-10-11 05:39 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-10-11 05:39:06 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Patch which partially fixes the signing already signed packages problem. (420 bytes, patch) 2011-10-10 18:39 UTC, Tuomo Soini	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Description Tuomo Soini 2011-10-10 18:39:16 UTC

Created attachment 527292 [details]
Patch which partially fixes the signing already signed packages problem.

rpm-4.8.0 has backported broken change c0aad81e9b17afcbea4008485d354673495eb148 from rpm.org rpm git. That was supposed to fix #488953 but actually introduced even worse regression.

When you try to sign packages in directory like:

rpm --resign *.rpm

rpm will exit with result code 0 when it finds first package which is correctly signed. This leaves very big possibility that you have dir of packages, only first ones being signed.

rpm should actually only skip without modifications already singed packages.

I attach patch which fixes the problem partially by removing the false exit but it doesn't fix the issue completely because even with patch rpm touches packages which were already signed. Correct behaviour would be not to touch package which have already been correctly signed.

Comment 1 Tuomo Soini 2011-10-10 18:48:14 UTC

Actually, with the patch signing won't be skipped, package will be resigned.

Comment 3 Panu Matilainen 2011-10-11 05:39:06 UTC


*** This bug has been marked as a duplicate of bug 707449 ***

Note You need to log in before you can comment on or make changes to this bug.