[Rpm-maint] [rpm-software-management/rpm] rpm 4.20.0 alpha fallout #1 : urpmi --no-verify is broken by rpm checking on its own (Issue #3142)

Panu Matilainen notifications at github.com
Thu Jun 6 13:11:22 UTC 2024


> I guess I'll have to run a small transaction removing the offending key before importing.

Yes, there's nothing better at the moment.

> Does passing RPMPROB_FILTER_VERIFY would be enough to achieve this when calling rpmtsRun()?

Maybe, but again that verify step is NOT about signature verification as such, it could be package whose (header) signature is perfectly valid but truncated payload, or such. For "frak the signatures", IIRC you want to set rpmtsSetVfyFlags() to same as rpmtsSetVSFlags().

Note that letting verify do its job has more subtle side-effects too: installations only show as verified in the auditing log if rpm itself verified it. 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3142#issuecomment-2152423140
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/3142/2152423140 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20240606/2007cedc/attachment.html>


More information about the Rpm-maint mailing list