[Rpm-maint] next question: can rpm fail (instead of warn) on a bad signature?
Paul Nasrat
pnasrat at redhat.com
Fri Dec 15 09:11:09 UTC 2006
On Fri, 2006-12-15 at 01:01 -0800, Shandy Brown wrote:
> So I've created an rpm with a "bad" signature (the target box doesn't
> have the public key). But when I install it, it succeeds. I was
> expecting a failure.
>
> rpm -Uvh /yum-2.0.7-3vmw.noarch.rpm
> warning: /yum-2.0.7-3vmw.noarch.rpm: V3 DSA signature: NOKEY, key ID
> e979a084
> Preparing... ###########################################
> [100%]
>
> Is there a way to tell rpm to fail if the signature doesn't check out?
Currently there is no policy enforcement of requiring signatures, within
command line rpm. Other tools sitting on top of rpm such as yum enable
this kind of checking (gpgcheck=1 in the case of yum).

Please note an unknown signature is not the same thing as a "bad"
signature (where the file has been modified/corrupted).
Paul
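
Added example, not part of the original message or of rpm itself: one way to get the fail-instead-of-warn behaviour asked about above is to gate the install on rpm's verbose signature check, keeping the unknown-key and bad-signature cases distinct. It assumes `rpm -Kv` reports lines of the form "... signature: RESULT, key ID ..." like the warning quoted above; `classify_sig` and `strict_install` are hypothetical names.

```shell
#!/bin/sh
# Added example: turn rpm's signature *warning* into a hard failure.

# classify_sig reads rpm's signature report on stdin (for instance the
# output of: rpm -Kv pkg.rpm 2>&1) and prints exactly one verdict:
#   OK        every signature verified and every digest matched
#   NOKEY     a signature exists but the public key is not imported
#   BAD       a signature or digest failed (modified/corrupted file)
#   UNSIGNED  only digests were reported, no signature at all
classify_sig() {
    awk '
        / signature: / {
            seen = 1
            if ($0 ~ / signature: OK/)          ok++
            else if ($0 ~ / signature: NOKEY/)  nokey++
            else                                bad++   # BAD, NOTTRUSTED, unknown
        }
        # A digest mismatch means corruption even if no signature is present.
        / digest: / && $0 !~ / digest: OK/ { bad++ }
        END {
            if (bad)        print "BAD"
            else if (nokey) print "NOKEY"
            else if (!seen) print "UNSIGNED"   # digests alone prove nothing
            else            print "OK"
        }'
}

# strict_install refuses to call rpm -U unless the verdict is OK.
# Assumption: the package file cannot be swapped between check and install
# (keep it in a directory only root can write to).
strict_install() {
    pkg=$1
    verdict=$(rpm -Kv "$pkg" 2>&1 | classify_sig)
    if [ "$verdict" != "OK" ]; then
        echo "refusing $pkg: signature verdict $verdict" >&2
        return 1
    fi
    rpm -Uvh "$pkg"
}
```

The UNSIGNED case matters because a package with no signature still passes its digest checks, so a gate that only looks for failures would let it through.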