daemon/rpm-c.c: Disable signature checking in librpm

Older distros (eg CentOS 6) used SHA-1 RPM package signatures which
some newer distros (eg RHEL 9.0) prevent us from verifying.

This resulted in packages with SHA-1 signatures being skipped by
librpm (there is a warning in debug output, but if you're not looking
at that then the package is silently ignored).  In some cases
essential packages like the kernel were skipped, which would be
visible as a failure of virt-v2v.  In other cases (eg virt-inspector)
you'd just see fewer installed packages in the <applications> list.

Since verifying package signatures is not essential for inspection,
disable this feature in librpm.

Reported-by: Xiaodai Wang
Thanks: Panu Matilainen
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2064182
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit aa6f8038f8)
Richard W.M. Jones
2022-03-15 10:22:49 +00:00
parent c50bb81e40
commit 46c0694ce0

@@ -90,7 +90,12 @@ value
guestfs_int_daemon_rpm_start_iterator (value unitv)
{
CAMLparam1 (unitv);
ts = rpmtsCreate ();
/* Disable signature checking (RHBZ#2064182). */
rpmtsSetVSFlags (ts, rpmtsVSFlags (ts) | RPMVSF_MASK_NOSIGNATURES);
iter = rpmtsInitIterator (ts, RPMDBI_PACKAGES, NULL, 0);
CAMLreturn (Val_unit);
}
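
Review bot: the comment above the rpmtsSetVSFlags call says only "Disable signature checking (RHBZ#2064182)" and should also record why that is acceptable here: this transaction set is created solely to feed rpmtsInitIterator over RPMDBI_PACKAGES for inspection, not to install or trust any package. Without that, a later reader could copy the flag into a code path where verification matters. It is also worth stating in the comment that RPMVSF_MASK_NOSIGNATURES is OR-ed into the existing flags, so only signature verification is masked and the digest flags stay as librpm set them; if old guests can also be skipped for digest reasons, that would need a separate check.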