[Rpm-maint] next question: can rpm fail (instead of warn) on a bad signature?
Paul Nasrat
pnasrat at redhat.com
Fri Dec 15 09:48:15 UTC 2006
On Fri, 2006-12-15 at 01:45 -0800, Shandy Brown wrote:
> > NOT OK will only occur if the file is corrupted - if it is an intact rpm
> > but unsigned it still has a header digest and a header+payload digest to
> > verify it's untampered with. Thus rpm -K tells you this is the rpm
> > built and intact and the payload and headers are consistent with the
> > digests.
>
> Is there some other method to detect that an rpm file is not signed?
>
> Other than installing it and checking with rpm -qi.
You can do it programmatically, with --queryformat or use something like
yum with gpgcheck=1.
What actual problem are you trying to solve - as I explained, RPM does
not currently enforce a signing policy.
Paul
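
An added example, not part of the original message and not rpm's own code: a fail-closed check that reads an RPM's signature header directly and separates packages carrying only digests from packages carrying a signature tag, exiting non-zero for anything unsigned. The tag numbers are the signature-header tags from rpm's rpmtag.h, the sample inputs are constructed byte strings, and a present signature tag says nothing about validity or key trust, which still needs verification against imported keys.

```python
import struct
import sys

LEAD_MAGIC = b"\xed\xab\xee\xdb"    # first 4 bytes of the 96-byte RPM lead
HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # first 4 bytes of a header structure
# Signature-header tag numbers (rpmtag.h)
SIGNATURE_TAGS = {267: "DSA", 268: "RSA", 1002: "PGP", 1005: "GPG"}
DIGEST_TAGS = {269: "SHA1", 1004: "MD5"}

def signature_header_tags(data):
    """Return the set of tag numbers found in the signature header index."""
    if len(data) < 96 + 16 or data[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM: bad lead")
    if data[96:100] != HEADER_MAGIC:
        raise ValueError("not an RPM: bad signature header magic")
    # After magic + 4 reserved bytes: entry count and data store size, big-endian
    nindex, hsize = struct.unpack(">II", data[104:112])
    index_end = 112 + 16 * nindex
    if index_end + hsize > len(data):
        raise ValueError("truncated signature header")
    # Each index entry is 16 bytes: tag, type, offset, count
    return {struct.unpack(">I", data[off:off + 4])[0]
            for off in range(112, index_end, 16)}

def classify(data):
    """'signed' if a signature tag is present, else 'digest-only' or 'bare'."""
    tags = signature_header_tags(data)
    if tags & set(SIGNATURE_TAGS):
        return "signed"
    return "digest-only" if tags & set(DIGEST_TAGS) else "bare"

def build_sample(tags):
    """Constructed input: lead + signature header with 4-byte dummy values."""
    index = b"".join(struct.pack(">IIII", t, 7, i * 4, 4)
                     for i, t in enumerate(tags))
    store = b"\x00" * (4 * len(tags))
    header = HEADER_MAGIC + b"\x00" * 4 + struct.pack(">II", len(tags), len(store))
    return LEAD_MAGIC + b"\x00" * 92 + header + index + store

UNSIGNED = build_sample([1000, 1004, 269])      # size, MD5, SHA1 only
SIGNED = build_sample([1000, 1004, 269, 1005])  # same, plus a GPG tag

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            verdict = classify(fh.read(1 << 20))
        print(f"{path}: {verdict}")
        if verdict != "signed":
            sys.exit(1)  # fail instead of warn
```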