|
 |
69da20 |
From 46c0694ce0b9a2fe357403c998d30ec807e07015 Mon Sep 17 00:00:00 2001
|
|
|
69da20 |
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
|
69da20 |
Date: Tue, 15 Mar 2022 10:22:49 +0000
|
|
|
69da20 |
Subject: [PATCH] daemon/rpm-c.c: Disable signature checking in librpm
|
|
|
69da20 |
|
|
|
69da20 |
Older distros (eg CentOS 6) used SHA-1 RPM package signatures which
|
|
|
69da20 |
some newer distros (eg RHEL 9.0) prevent us from verifying.
|
|
|
69da20 |
|
|
|
69da20 |
This resulted in packages with SHA-1 signatures being skipped by
|
|
|
69da20 |
librpm (there is a warning in debug output, but if you're not looking
|
|
|
69da20 |
at that then the package is silently ignored). In some cases
|
|
|
69da20 |
essential packages like the kernel were skipped, which would be
|
|
|
69da20 |
visible as a failure of virt-v2v. In other cases (eg virt-inspector)
|
|
|
69da20 |
you'd just see fewer installed packages in the <applications> list.
|
|
|
69da20 |
|
|
|
69da20 |
Since verifying package signatures is not essential for inspection,
|
|
|
69da20 |
disable this feature in librpm.
|
|
|
69da20 |
|
|
|
69da20 |
Reported-by: Xiaodai Wang
|
|
|
69da20 |
Thanks: Panu Matilainen
|
|
|
69da20 |
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2064182
|
|
|
69da20 |
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
|
|
69da20 |
(cherry picked from commit aa6f8038f826bfb37ddbbb575e6962e1e181c5e8)
|
|
|
69da20 |
---
|
|
|
69da20 |
daemon/rpm-c.c | 5 +++++
|
|
|
69da20 |
1 file changed, 5 insertions(+)
|
|
|
69da20 |
|
|
|
69da20 |
diff --git a/daemon/rpm-c.c b/daemon/rpm-c.c
|
|
|
69da20 |
index be0e81e22..020fc588e 100644
|
|
|
69da20 |
--- a/daemon/rpm-c.c
|
|
|
69da20 |
+++ b/daemon/rpm-c.c
|
|
|
69da20 |
@@ -90,7 +90,12 @@ value
|
|
|
69da20 |
guestfs_int_daemon_rpm_start_iterator (value unitv)
|
|
|
69da20 |
{
|
|
|
69da20 |
CAMLparam1 (unitv);
|
|
|
69da20 |
+
|
|
|
69da20 |
ts = rpmtsCreate ();
|
|
|
69da20 |
+
|
|
|
69da20 |
+ /* Disable signature checking (RHBZ#2064182). */
|
|
|
69da20 |
+ rpmtsSetVSFlags (ts, rpmtsVSFlags (ts) | RPMVSF_MASK_NOSIGNATURES);
|
|
|
69da20 |
+
|
|
|
69da20 |
iter = rpmtsInitIterator (ts, RPMDBI_PACKAGES, NULL, 0);
|
|
|
69da20 |
CAMLreturn (Val_unit);
|
|
|
69da20 |
}
|
|
|
69da20 |
--
|
|
|
69da20 |
2.31.1
|
|
|
69da20 |
|