On Feb 11, 2015, at 12:48 PM, Elan Ruusamäe wrote:

> On 11.02.2015 15:23, Jeffrey Johnson wrote:
>> Disable the header signature checking with rpm -Va by removing the lines
>> below in lib/verify.c
>>
>> 73 de Jeff
>>
>> ===========================================
>>     /* Verify header digest/signature. */
>>     if (qva->qva_flags & (VERIFY_DIGEST | VERIFY_SIGNATURE))
>>     {
>>         const char * horigin = headerGetOrigin(h);
>>         const char * msg = NULL;
>>         size_t uhlen = 0;
>>         void * uh = headerUnload(h, &uhlen);
>>         int lvl = headerCheck(rpmtsDig(ts), uh, uhlen, &msg) == RPMRC_FAIL
>>             ? RPMLOG_ERR : RPMLOG_DEBUG;
>>         rpmlog(lvl, "%s: %s\n",
>>                 (horigin ? horigin : "verify"), (msg ? msg : ""));
>>         rpmtsCleanDig(ts);
>>         uh = _free(uh);
>>         msg = _free(msg);
>>     }
>
> applied this patch:
> http://git.pld-linux.org/?p=packages/rpm.git;a=commitdiff;h=8b6cca9fe5a04dd48c84e7fd65fbfd177acaa1b3
>
> now "rpm -Va >/dev/null" is silent:
>
Good: that's progress and identifies the code path where the problem lies.

> # rpm -q rpm
> rpm-5.4.15-10.1.x86_64
> # rpm -Va >/dev/null
> #
>
> i found something weird, if i do rpm -V pkgname, the header verification
> error is not printed, but rpm -Va shows the error for every package (besides
> gpg-pubkey) in the system.
>

Shows WHAT error? I'm missing something here: either rpm -Va is silent
(as above) or it's not (as you say here)? Which is it?

Are you compiling rpm with OPENMP? The --verify code paths are multi-threaded.

> # for a in `rpm -qa`; do rpm -V $a; done >/dev/null
> #
>
> and:
>
> # rpm -Va >/dev/null 2>out
> # head -n 3 out
> error: rpmdb (h#3): Header V4 DSA signature: BAD, key ID e4f1bc2d
> error: rpmdb (h#4): Header V4 DSA signature: BAD, key ID e4f1bc2d
> error: rpmdb (h#5): Header V4 DSA signature: BAD, key ID e4f1bc2d
> # tail -n 3 out
> error: rpmdb (h#255): Header V4 DSA signature: BAD, key ID e4f1bc2d
> error: rpmdb (h#256): Header V4 DSA signature: BAD, key ID e4f1bc2d
> error: rpmdb (h#257): Header V4 DSA signature: BAD, key ID e4f1bc2d
> # rpm -qa|wc -l
> 186
> # wc -l out
> 177 out
>

There's no need to count duplicated errors.

73 de Jeff

> --
> glen
>
> _______________________________________________
> pld-devel-en mailing list
> pld-devel-en@lists.pld-linux.org
> http://lists.pld-linux.org/mailman/listinfo/pld-devel-en