Older distros (eg RHEL 6) used SHA-1 signatures which some newer
distros now prevent us from verifying. Since verifying package
signatures is not essential for inspection, switch the feature off in
librpm.
Reported-by: Xiaodai Wang
Thanks: Panu Matilainen
Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=2064182
Signed-off-by: Richard W.M. Jones <rjones(a)redhat.com>
---
daemon/rpm-c.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/daemon/rpm-c.c b/daemon/rpm-c.c
index be0e81e22..f6a7067e1 100644
--- a/daemon/rpm-c.c
+++ b/daemon/rpm-c.c
@@ -89,8 +89,15 @@ static rpmdbMatchIterator iter;
value
guestfs_int_daemon_rpm_start_iterator (value unitv)
{
+ rpmVSFlags oflags;
+
CAMLparam1 (unitv);
ts = rpmtsCreate ();
+
+ /* Disable signature checking (RHBZ#2064182). */
+ oflags = rpmtsVSFlags (ts);
+ rpmtsSetVSFlags (ts, oflags | RPMVSF_MASK_NOSIGNATURES);
+
iter = rpmtsInitIterator (ts, RPMDBI_PACKAGES, NULL, 0);
CAMLreturn (Val_unit);
}
--
2.31.1