[issue96] add rpm package gpg signature checking

Richard Bos at Labix Tracker tracker at labix.org
Tue Feb 14 14:20:36 PST 2006


Richard Bos <radoeka at xs4all.nl> added the comment:

No it does not.  I created an rpm without signature, so the check should fail,
but is does not fail:

# smart -o rpm-check-signatures=true 
install /home/richard/packages/1000/gramps/RPMS/i586/gramps-2.0.9-0.suse1000.rb3.i586.rpm
Loading cache...
Updating cache...               ######################################## [100%]

Computing transaction...

Upgrading packages (1):
  gramps-2.0.9-0.suse1000.rb3 at i586

3.3MB of package files are needed.

Confirm changes? (Y/n):

Committing transaction...
Preparing...                    ######################################## [  0%]
   1:Installing gramps          ######################################## [ 50%]


The correct behaviour should be:
# apt 
install /home/richard/packages/1000/gramps/RPMS/i586/gramps-2.0.9-0.suse1000.rb3.i586.rpm
Reading Package Lists... Done
Building Dependency Tree... Done
Selecting gramps for 
'/home/richard/packages/1000/gramps/RPMS/i586/gramps-2.0.9-0.suse1000.rb3.i586.rpm'
The following NEW packages will be installed:
  gramps
0 upgraded, 1 newly installed, 0 removed and 7 not upgraded.
Need to get 0B/3396kB of archives.
After unpacking 11.5MB of additional disk space will be used.
Checking GPG signatures...
Unsigned /home/richard/packages/1000/gramps/RPMS/i586/gramps-2.0.9-0.suse1000.rb3.i586.rpm: 
sha1 md5 OK
E: Error(s) while checking package signatures:
1 unsigned package(s)
0 package(s) with unknown signatures
0 package(s) with illegal/corrupted signatures
E: Handler silently failed

_______________________________________
Labix issue tracker <tracker at labix.org>
<http://tracker.labix.org/issue96>
_______________________________________



More information about the Smart mailing list