[Rpm-maint] [rpm-software-management/rpm] Signature verification broken (#330)

Michael Kuhn notifications at github.com
Tue Oct 10 20:44:35 UTC 2017

On a freshly installed Fedora 27 system (RPM 4.14.0-rc2), DNF does not prompt me to install keys even though they are missing (`f5282ee4` is the Fedora 27 key and manually importing it makes the warning go away):

warning: /var/cache/dnf/.../foo.rpm: Header V3 RSA/SHA256 Signature, key ID f5282ee4: NOKEY
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction

I tracked this down to `hdrFromFdno` (in `transaction.py`) not throwing the appropriate exceptions. Instead, `TransactionSetCore.hdrFromFdno` actually returns `0`, even though the above warning is produced. This leads DNF to believe that everything is fine and install the package.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20171010/81bff10d/attachment.html>

More information about the Rpm-maint mailing list