[Rpm-maint] [rpm-software-management/rpm] Excessive (and misleading) output on NOTTRUSTED verify results (Issue #4036)

Panu Matilainen notifications at github.com
Fri Nov 7 09:42:41 UTC 2025


pmatilai created an issue (rpm-software-management/rpm#4036)

NOTE: this assumes #4020 has been merged!

rpm-sequoia returns NOTTRUSTED if a signature is technically valid but uses algorithms disabled in the system policy, or contains policy violations. The right way to deal with these is to just ignore the signature - it's neither a positive nor a negative result (see #3996). But these produce an extraordinary amount of chatter currently, and worse, report these as errors:

```
runroot rpm -Uv --test --nodeps /tmp/hello-2.0-1.x86_64.rpm
error: Verifying a signature using certificate 771B18D3D7BAA28734333C424344591E1964C5FC (rpm.org RSA testkey <rsa at rpm.org>):
  1. Certificate 4344591E1964C5FC invalid: policy violation
      because: Policy rejected asymmetric algorithm
      because: RSA2048 is not considered secure
  2. Certificate 4344591E1964C5FC invalid: policy violation
      because: Policy rejected asymmetric algorithm
      because: RSA2048 is not considered secure
warning: /tmp/hello-2.0-1.x86_64.rpm: Header OpenPGP V4 RSA/SHA512 signature, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: NOTTRUSTED
Verifying packages...
error: Verifying a signature using certificate 771B18D3D7BAA28734333C424344591E1964C5FC (rpm.org RSA testkey <rsa at rpm.org>):
  1. Certificate 4344591E1964C5FC invalid: policy violation
      because: Policy rejected asymmetric algorithm
      because: RSA2048 is not considered secure
  2. Certificate 4344591E1964C5FC invalid: policy violation
      because: Policy rejected asymmetric algorithm
      because: RSA2048 is not considered secure
Preparing packages...
error: Verifying a signature using certificate 771B18D3D7BAA28734333C424344591E1964C5FC (rpm.org RSA testkey <rsa at rpm.org>):
  1. Certificate 4344591E1964C5FC invalid: policy violation
      because: Policy rejected asymmetric algorithm
      because: RSA2048 is not considered secure
  2. Certificate 4344591E1964C5FC invalid: policy violation
      because: Policy rejected asymmetric algorithm
      because: RSA2048 is not considered secure
```

But despite all that scary-looking error, error, error! chatter, the result is actually success, because there are also valid signatures present:

```
/tmp/hello-2.0-1.x86_64.rpm:
    Header OpenPGP V4 ECDSA/SHA512 signature, key fingerprint: e8a62c0512b06b5d2183ba207f1c21f95f65bbe8: OK
    Header OpenPGP V4 EdDSA/SHA512 signature, key fingerprint: 152bb32fd9ca982797e835cfb0645aec757bf69e: OK
    Header OpenPGP V4 RSA/SHA512 signature, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: NOTTRUSTED
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
```

The issue is basically that rpm-sequoia returns these messages as lints, but rpmKeyringVerifySig2() logs them without sufficient context - whether something is an error or not can only be determined by the caller after the full verification set has been processed. So I think we'll need yet another verify API here.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/4036

Message ID: <rpm-software-management/rpm/issues/4036 at github.com>
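
The point made in the issue, that a NOTTRUSTED result can only be classified once the whole verification set has been processed, sketched as an added Python example (not rpm code and not the API the issue proposes). It parses the per-item summary quoted above; the function names, the "info"/"error" levels and the rule that at least one OK signature is required are assumptions of this example.

```python
import re

# Per-item summary copied from the issue text above.
SAMPLE = """\
/tmp/hello-2.0-1.x86_64.rpm:
    Header OpenPGP V4 ECDSA/SHA512 signature, key fingerprint: e8a62c0512b06b5d2183ba207f1c21f95f65bbe8: OK
    Header OpenPGP V4 EdDSA/SHA512 signature, key fingerprint: 152bb32fd9ca982797e835cfb0645aec757bf69e: OK
    Header OpenPGP V4 RSA/SHA512 signature, key fingerprint: 771b18d3d7baa28734333c424344591e1964c5fc: NOTTRUSTED
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
"""

# An indented line ending in ": STATUS"; the greedy match keeps the
# fingerprint (which also contains ": ") inside the description.
ITEM = re.compile(r"^\s+(?P<what>.+): (?P<status>[A-Z]+)$")


def parse_items(report):
    """Return (description, status) for every indented result line."""
    items = []
    for line in report.splitlines():
        m = ITEM.match(line)
        if m:
            items.append((m.group("what"), m.group("status")))
    return items


def evaluate(report):
    """Pick the verdict first, then the severity of each deferred message."""
    items = parse_items(report)
    sigs = [(w, s) for w, s in items if "signature" in w]
    # Anything that is neither OK nor NOTTRUSTED is treated as a hard failure.
    hard_fail = [w for w, s in items if s not in ("OK", "NOTTRUSTED")]
    trusted = [w for w, s in sigs if s == "OK"]
    # NOTTRUSTED signatures are ignored for the verdict; repeats are collapsed.
    ignored = sorted({w for w, s in sigs if s == "NOTTRUSTED"})
    # Assumption of this example: at least one OK signature is required.
    ok = not hard_fail and bool(trusted)
    # Only now is it known whether an ignored signature matters: it is
    # background detail on success, and the explanation on failure.
    level = "info" if ok else "error"
    messages = [("error", f"{w}: failed") for w in hard_fail]
    messages += [(level, f"{w}: ignored (NOTTRUSTED)") for w in ignored]
    return ok, messages


if __name__ == "__main__":
    verdict, msgs = evaluate(SAMPLE)
    print("OK" if verdict else "FAILED", msgs)
```
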