On 21. 01. 21 12:39, Panu Matilainen wrote:
On 1/21/21 1:27 PM, Fabio Valentini wrote:
> On Thu, Jan 21, 2021 at 12:22 PM Panu Matilainen <pmatilai(a)redhat.com> wrote:
>>
>> On 1/21/21 9:56 AM, Florian Weimer wrote:
>>> With rpm-4.15.1-3.fc32.1.x86_64, I get this error:
>>>
>>> $ rpm -qip
>>>
https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everyth...
>>>
>>> error: /var/tmp/rpm-tmp.6iU66n: signature hdr data: BAD, no. of bytes(88084)
>>> out of range
>>> error:
>>>
https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everyth...:
>>> not an rpm package (or package manifest)
>>>
>>> Is this expected?
>>>
>>
>> Certainly not.
>>
>>> It seems that rpm-4.16.1.2-1.fc33.x86_64 can parse the RPM just fine.
>>> But rpm-4.14.3-4.el8.x86_64 does not like it, either.
>>
>> Based on a quick random sampling, this would appear to be a very recent
>> thing, the only affected packages I could find (which doesn't mean
>> others couldn't exist) were built in the last few days, such as the
>> above and these:
>>
>>
https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everyth...
>>
>>
https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everyth...
>>
>>
>> ...which were all built on Jan 18th. The only recent change to rpm is
>> the DWARF-5 support but based on changelogs that seems to have landed
>> the day after, so I dunno.
>
> Is it possible that this was triggered by switching on signed RPM contents?
> If I understand the implementation correctly, it messes with the RPM headers.
Oh, I wasn't aware the file signing proposal had been approved, much less
enabled. I thought I raised "some objections" on the enablement of the feature
from rpm maintainer perspective.
It was not approved.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok