[Rpm-maint] [rpm-software-management/rpm] Fix excessive/misleading/wrong output on various verification scenarios (PR #4069)

Panu Matilainen notifications at github.com
Fri Dec 12 09:34:21 UTC 2025


The callback logic in the various verification scenarios doesn't have a chance of getting it right in the face of multiple signatures (or digests), some of which may be disabled in the system policy and so on. In addition, we were spitting out NOTFOUND messages for things that were explicitly disabled in the *rpm* configuration. If we don't look for them, we shouldn't say we didn't find 'em.

More details in the commits of course.

This is quite a pile to review at once, but wanting to push it out as such so people can see + test the whole picture.
For review purposes, this splits cleanly into two though: the first part ends at "Drop NOTFOUNDs output" and that can be reviewed independently first if that's preferred.

You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/4069

-- Commit Summary --

  * Verify all types in transaction verify again
  * Add tests for non-verbose rpmkeys operation with multiple signatures
  * Split <corrupted signed> 4 test to separate CHECK cases for readability
  * Fix bogus verify output in some order dependent cases
  * Drop NOTFOUNDs output for items that are disabled in rpm config
  * Split some tests to individual RPMTEST_CHECK cases for readability
  * Introduce yet another variant of rpmKeyringVerifySig() for returning lints
  * Move signature lints output to post-verification where we know the result
  * Fix transaction verification output as well

-- File Changes --

    M include/rpm/rpmkeyring.h (15)
    M lib/package.cc (66)
    M lib/rpmchecksig.cc (25)
    M lib/rpmvs.cc (44)
    M lib/rpmvs.hh (26)
    M lib/transaction.cc (4)
    M rpmio/rpmkeyring.cc (24)
    M tests/rpmi.at (13)
    M tests/rpmsigdig.at (413)
    M tests/rpmvfylevel.at (42)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/4069.patch
https://github.com/rpm-software-management/rpm/pull/4069.diff
