[Yum-devel] Small checkSig patch

Roberto Zunino zunino at di.unipi.it
Mon Sep 27 22:46:00 UTC 2004


Currently, the function checkSig in rpmUtils.py returns 0 (i.e., sig OK) 
if a rpm.error exception occurs and str(exception) doesn't match the 
four "known" error strings.  It would be safer if yum complained in this 
case, since it did not successfully checked the gpg signature. The patch 
below is a quick fix; maybe a better approach would be to define another 
exit code for reporting "unknown rpm error".

The patch is against yum-2_1, but the same (minor) issue is also present 
in older yum sources.

Regards,
Zun.

Index: rpmUtils.py
===================================================================
RCS file: /cvsroot/yum/cvs/yum/Attic/rpmUtils.py,v
retrieving revision 1.1.2.24.2.1
diff -u -U8 -r1.1.2.24.2.1 rpmUtils.py
--- rpmUtils.py 12 Sep 2003 04:25:07 -0000      1.1.2.24.2.1
+++ rpmUtils.py 27 Sep 2004 22:22:17 -0000
@@ -44,32 +44,33 @@
          if not good:
              raise URLGrabError(-1, _('RPM %s fails md5 check') % 
(package))
          else:
              return
      else:
          return good

  def checkSig(package, serverid=None):
-    """ take a package, check it's sigs, return 0 if they are all fine, 
return
+    """ take a package, check its sigs, return 0 if they are all fine, 
return
      1 if the gpg key can't be found,  2 if the header is in someway 
damaged,
      3 if the key is not trusted, 4 if the pkg is not gpg or pgp signed"""
      ts.sigChecking('default')
      fdno = os.open(package, os.O_RDONLY)
      try:
          hdr = ts.hdrFromFdno(fdno)
      except rpm.error, e:
          if str(e) == "public key not availaiable":
              return 1
          if str(e) == "public key not available":
              return 1
          if str(e) == "public key not trusted":
              return 3
          if str(e) == "error reading package header":
              return 2
+        return 2 # unknown error, complain
      else:
          error, siginfo = getSigInfo(hdr)
          if error == 101:
              os.close(fdno)
              del hdr
              return 4
          else:
              del hdr

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.baseurl.org/pipermail/yum-devel/attachments/20040928/b3daf608/attachment.pgp 


More information about the Yum-devel mailing list