Never load ts keyring if signature checking is disabled
authorPanu Matilainen <pmatilai@redhat.com>
Thu, 2 Feb 2012 11:53:38 +0000 (13:53 +0200)
committerPanu Matilainen <pmatilai@redhat.com>
Thu, 2 Feb 2012 12:18:50 +0000 (14:18 +0200)
- Loading the pubkeys from database has numerous often unwanted side-effects,
  if signature checking is disabled then there's no point loading
  the keys either.
- Commit cad147070e5513312d851f44998012e8f0cdf1e3 did this for
  rpmReadPackageFile() specifically but we really want it honored
  for all operations including headerCheck() and friends, handle
  it centrally in loadKeys() for simplicity.

lib/package.c
lib/rpmts.c

index 1e44f4d..ae665de 100644 (file)
@@ -698,15 +698,12 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
 {
     rpmRC rc;
     rpmVSFlags vsflags = rpmtsVSFlags(ts);
-    rpmKeyring keyring = 0;
-
-    if ((vsflags & _RPMVSF_NOSIGNATURES) != _RPMVSF_NOSIGNATURES)
-       keyring = rpmtsGetKeyring(ts, 1);
+    rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
 
     rc = rpmpkgRead(keyring, vsflags, fd, fn, hdrp);
 
-    if (keyring)
-       rpmKeyringFree(keyring);
+    rpmKeyringFree(keyring);
+
     return rc;
 }
 
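Review bot: `rpmpkgRead(keyring, ...)` and the now-unconditional `rpmKeyringFree(keyring)` will both receive NULL whenever signature checking is disabled, assuming rpmtsGetKeyring() simply hands back the unset ts->keyring in that case (its body is not part of this diff). The removed `if (keyring)` guard made the free safe locally; the new code relies on both callees tolerating a NULL keyring, which these lines do not show. It is worth confirming that, and recording the contract with a comment above the call such as `/* keyring is NULL when signature checking is disabled */`.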
index 5619c91..4b07517 100644 (file)
@@ -341,11 +341,14 @@ static int loadKeyringFromDB(rpmts ts)
 
 static void loadKeyring(rpmts ts)
 {
-    ts->keyring = rpmKeyringNew();
-    if (loadKeyringFromFiles(ts) == 0) {
-       if (loadKeyringFromDB(ts) > 0) {
-           /* XXX make this a warning someday... */
-           rpmlog(RPMLOG_DEBUG, "Using legacy gpg-pubkey(s) from rpmdb\n");
+    /* Never load the keyring if signature checking is disabled */
+    if ((rpmtsVSFlags(ts) & _RPMVSF_NOSIGNATURES) != _RPMVSF_NOSIGNATURES) {
+       ts->keyring = rpmKeyringNew();
+       if (loadKeyringFromFiles(ts) == 0) {
+           if (loadKeyringFromDB(ts) > 0) {
+               /* XXX make this a warning someday... */
+               rpmlog(RPMLOG_DEBUG, "Using legacy gpg-pubkey(s) from rpmdb\n");
+           }
        }
     }
 }
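Review bot: The `_RPMVSF_NOSIGNATURES` test in loadKeyring() is evaluated once, at load time, so the keyring state can drift from the transaction's current verification flags. When the load is skipped, ts->keyring stays unset; if a caller later re-enables signature checking on the same ts (e.g. via rpmtsSetVSFlags()), keys are only available if rpmtsGetKeyring() retries the load on a NULL keyring, which is outside this hunk. If it does not retry, signatures would presumably be evaluated against no keys and reported as missing-key rather than verified. If the retry is intended, the comment could say so: `/* Never load the keyring if signature checking is disabled; ts->keyring stays NULL and is loaded on a later rpmtsGetKeyring() once checking is enabled */`.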