On Tue, Aug 30, 2016 at 03:24:02 -0400, Jeffrey Johnson wrote:

>> ~: strace -erecvfrom rpm --nosignature -qp keepassx-2.0.2-2.x86_64.rpm
>> recvfrom(12, "\25\24\201\200\0\1\0\5\0\0\0\0\2ha\4pool\16sks-keyserv"...,
>> 2048, 0, {sa_family=AF_INET, sin_port=htons(53),
>> sin_addr=inet_addr("8.8.4.4")}, [16]) = 124
>> recvfrom(12, "\"\27\201\200\0\1\0\5\0\0\0\0\2ha\4pool\16sks-keyserv"...,
>> 65536, 0, {sa_family=AF_INET, sin_port=htons(53),
>> sin_addr=inet_addr("8.8.4.4")}, [16]) = 184
>> keepassx-2.0.2-2.x86_64
>> +++ exited with 0 +++
>
> The 2 line snippet looks like a pubkey lookup: undefine %_hkp_keyserver to
> disable the lookup

Thanks, that did the trick - it interferes with my network-restricted
environment. I need all the verification to happen locally, and
preferably FAIL BADLY when not possible (i.e. no networked key-server
available and no GPG pubkey imported).

Is there any macro/option that prevents me from installing any
unsigned/unverified package? Warning is not enough, I want to be totally
sure the verification was done and succeeded.

> Use -vv to see signature verification (which is likely disabled w
> --nosignature).
>
> AFAIK, PLD has also reenabled the --nosignature in "system.h" - the
> code will be removed in rpm-5.4.18 (and rpm-5.4.17 was distributed with
> MANDATORY signatures).
>
> I will send that patch to PLD if you choose to continue supporting a
> --nosignature option.

Apparently no one here uses this...

http://ftp.th.pld-linux.org/dists/th/PLD-3.0-Th-GPG-key.asc

~: rpm -qp --nosignature keepassx-2.0.2-2.x86_64.rpm (reversed meaning in query mode bug)
error: keepassx-2.0.2-2.x86_64.rpm: Header V4 DSA signature: BAD, key ID e4f1bc2d
error: reading keepassx-2.0.2-2.x86_64.rpm manifest, non-printable characters found
~: rpm -K keepassx-2.0.2-2.x86_64.rpm
keepassx-2.0.2-2.x86_64.rpm: (SHA1) DSA sha1 md5 NOT_OK
~: rpm -qa gpg-pubkey\*
gpg-pubkey-e4f1bc2d-47b351f0
~: diff PLD-3.0-Th-GPG-key.asc /etc/pki/rpm-gpg/PLD-3.0-Th-GPG-key.asc

(BTW this key is not automatically imported to rpm database).

-- 
Tomasz Pala <go...@pld-linux.org>
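An added example, not part of the original message and not rpm's own code: a fail-closed gate for the "warning is not enough" requirement above, built on the `rpm -K` summary line shown in the message. It assumes the classic summary format (lowercase token = check passed, uppercase or parenthesised = failed or key missing) and that %_hkp_keyserver is already undefined; both function names are hypothetical.

```shell
#!/bin/sh
# Added example: accept a package only if `rpm -K` reports a *verified signature*.
# Assumption: summary line is "file: tok tok ... OK", where a lowercase token is a
# check that passed and an UPPERCASE or (parenthesised) token is one that did not.

# sig_line_verified LINE -> 0 only if every check passed AND one was a signature.
# Runs in a subshell so `set -f` and the variables do not leak to the caller.
sig_line_verified() (
    set -f                                  # tokens must not be glob-expanded
    line=$1
    result=${line#*: }                      # drop the "file.rpm: " prefix
    [ "$result" != "$line" ] || return 1    # unparsable output: fail closed
    has_sig=no
    last=
    for tok in $result; do
        case $tok in
            dsa|rsa|pgp|gpg)        has_sig=yes ;;  # a signature verified
            sha1|sha256|sha512|md5) ;;              # digest only: integrity, not origin
            OK)                     ;;
            *)                      return 1 ;;     # DSA, (SHA1), NOT_OK, unknown text
        esac
        last=$tok
    done
    # An unsigned package with good digests also ends in OK, so OK alone is not enough.
    [ "$last" = OK ] && [ "$has_sig" = yes ]
)

# verify_rpm_offline FILE -> 0 only if FILE carries a signature that verified
# against a key already imported into the rpm database.
# Assumes %_hkp_keyserver is undefined, so no key lookup leaves the host.
verify_rpm_offline() {
    out=$(LC_ALL=C rpm -K "$1" 2>&1) || return 1
    sig_line_verified "$out"
}

# Usage: verify_rpm_offline pkg.rpm && rpm -U pkg.rpm
```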