[Rpm-maint] next question: can rpm fail (instead of warn) on a bad signature?

Paul Nasrat pnasrat at redhat.com
Fri Dec 15 09:48:15 UTC 2006

On Fri, 2006-12-15 at 01:45 -0800, Shandy Brown wrote:
> > NOT OK will only occur if the file is corrupted - if it is an intact rpm
> > but unsigned it still has a header digest and a header+payload digest to
> > verify it's untampered with.  Thus rpm -K tells you this is the rpm
> > built and intact and the payload and headers are consistent with the
> > digests.
> Is there some other method to detect that an rpm file is not signed?
> Other than installing it and checking with rpm -qi.

You can do it programmatically, with --queryformat or use something like
yum with gpgcheck=1.

What actual problem are you trying to solve? As I explained, RPM does
not currently enforce a signing policy.
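
The --queryformat approach mentioned in the reply above, as an added example that is not part of the original message or of rpm itself: it reads the signature tags of a package file and fails when none is present, which `rpm -K` alone does not do for an intact but unsigned package. It checks presence only, not validity against a trusted key. The helper names `classify_sig_fields` and `require_signed` are hypothetical, and the list of four signature tags is an assumption about the packages being checked.

```shell
#!/bin/sh
# Added example: report whether an .rpm file carries any signature at all.
# Assumption: these four signature tags cover the package; rpm prints
# "(none)" for a tag that is absent from the header.
SIG_QF='%{SIGPGP:pgpsig}|%{SIGGPG:pgpsig}|%{RSAHEADER:pgpsig}|%{DSAHEADER:pgpsig}\n'

# classify_sig_fields "<f1>|<f2>|..."  (hypothetical helper)
# Prints "signed" and returns 0 if any field holds signature data,
# otherwise prints "unsigned" and returns 1.
classify_sig_fields() {
    old_ifs=$IFS
    IFS='|'
    set -f              # no globbing while splitting
    set -- $1           # split the single argument on '|'
    set +f
    IFS=$old_ifs
    for field in "$@"; do
        case $field in
            ''|'(none)') ;;                 # tag absent
            *) echo signed; return 0 ;;
        esac
    done
    echo unsigned
    return 1
}

# require_signed FILE.rpm...  (hypothetical helper)
# Returns 0 only if every file is readable and carries a signature.
require_signed() {
    rc=0
    for pkg in "$@"; do
        # --nosignature: read the tags without trying to verify them here
        if ! fields=$(rpm -qp --nosignature --queryformat "$SIG_QF" "$pkg" 2>/dev/null); then
            echo "$pkg: cannot be read as an rpm" >&2
            rc=2
            continue
        fi
        if state=$(classify_sig_fields "$fields"); then
            echo "$pkg: $state"
        else
            echo "$pkg: $state" >&2
            [ "$rc" -ne 0 ] || rc=1
        fi
    done
    return "$rc"
}

# Run against any files given on the command line.
[ "$#" -eq 0 ] || require_signed "$@"
```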

