- rpmpkgRead() starts with assumed failure, but there are a number
of places assigning the return code, and by the time we get
to the parsePGPSig() calls it's likely to be RPMRC_OK, so the
jumps to exit result in "all is well" return code on a signature
we couldn't even parse. Oops.
- Set the failure status explicitly to fix this fairly nasty regression
introduced in commit
e8bc3ff5d780f4ee6656c24464402723e5fb04f4, ie
rpm >= 4.10.
(cherry picked from commit
96a616c6aed4c516789a154af188f005caf23f14)
switch (sigtag) {
case RPMSIGTAG_RSA:
case RPMSIGTAG_DSA:
- if (parsePGPSig(&sigtd, "package", fn, &sig))
+ if (parsePGPSig(&sigtd, "package", fn, &sig)) {
+ rc = RPMRC_FAIL;
goto exit;
+ }
/* fallthrough */
case RPMSIGTAG_SHA1:
{ struct rpmtd_s utd;
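Review bot: The added `rc = RPMRC_FAIL;` before `goto exit` carries no comment explaining why it is needed, and the reason cannot be seen at this site: per the commit message, rc may already hold RPMRC_OK from an earlier assignment. A short comment such as `/* rc may already be RPMRC_OK here; fail closed on an unparseable signature */` would keep a later cleanup from dropping the assignment as redundant. The same applies to the identical change in the RPMSIGTAG_GPG / RPMSIGTAG_PGP5 / RPMSIGTAG_PGP case. The function's other `goto exit` paths lie outside these hunks, so it is worth confirming that each of them also sets rc explicitly rather than relying on the initial value. The enclosing switch starts and ends outside the hunk.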
case RPMSIGTAG_GPG:
case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
- if (parsePGPSig(&sigtd, "package", fn, &sig))
+ if (parsePGPSig(&sigtd, "package", fn, &sig)) {
+ rc = RPMRC_FAIL;
goto exit;
+ }
/* fallthrough */
case RPMSIGTAG_MD5:
/* Legacy signatures need the compressed payload in the digest too. */