[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: gpg sig checking in python or from the command line

From: Jeff Johnson <jbj JBJ ORG>
To: rpm-list redhat com
Subject: Re: gpg sig checking in python or from the command line
Date: Mon, 28 Jan 2002 00:17:48 -0500

On Sun, Jan 27, 2002 at 11:56:21PM -0500, seth vidal wrote:
> 
> > Well, if you add -v or -vv you do get more info.
> 
> is there a way to do that in the python module?
> 

Only by changing the bindings. Noone has ever seen fit to bind
	rpmIncreaseVerbosity()
called for each -v from the command line.

> 
>  > 
> > > is the only way the sig check fails is if the sig is bad, not if the sig
> > > is nonexistent?
> > 
> > Currently.
> 
> ideally I'd get a return code from rpm.checksig based on what failed.
> 
> could I check the length of the gpg sig in the header? if its zero or
> null then have it throw up?
> 

>From python, you can check for RPMTAG_SIGGPG or RPMTAG_SIGPGP non-existence
to identify unsigned packages.

The case of signature exists, but pubkey is not on keyring, now returns failure
in rpm-4.0.4. Previous behavior expected user to add -v or -vv, and informed
the user that the key was missing.

There's still the case of untrusted pubkeys that will have to be tightened
somewhen.

73 de Jeff

-- 
Jeff Johnson	ARS N3NPQ
jbj@jbj.org	(jbj@redhat.com)
Chapel Hill, NC

References:
- gpg sig checking in python or from the command line
  - From: seth vidal <skvidal@phy.duke.edu>
- Re: gpg sig checking in python or from the command line
  - From: Jeff Johnson <jbj@JBJ.ORG>
- Re: gpg sig checking in python or from the command line
  - From: seth vidal <skvidal@phy.duke.edu>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []