From 290fcbbe6b3ca2fb1d5e4a7269a32a94f8a1563a Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Thu, 2 Feb 2012 13:53:38 +0200
Subject: [PATCH] Never load ts keyring if signature checking is disabled

- Loading the pubkeys from database numerous often unwanted side-effects,
  if signature checking is disabled then there's no point loading
  the keys either.
- Commit cad147070e5513312d851f44998012e8f0cdf1e3 did this for
  rpmReadPackageFile() specifically but we really want it honored
  for all operations including headerCheck() and friends, handle
  it centrally in loadKeys() for simplicity.
---
 lib/package.c |  9 +++------
 lib/rpmts.c   | 13 ++++++++-----
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/lib/package.c b/lib/package.c
index 1e44f4d..ae665de 100644
--- a/lib/package.c
+++ b/lib/package.c
@@ -698,15 +698,12 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
 {
     rpmRC rc;
     rpmVSFlags vsflags = rpmtsVSFlags(ts);
-    rpmKeyring keyring = 0;
-
-    if ((vsflags & _RPMVSF_NOSIGNATURES) != _RPMVSF_NOSIGNATURES)
-	keyring = rpmtsGetKeyring(ts, 1);
+    rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
 
     rc = rpmpkgRead(keyring, vsflags, fd, fn, hdrp);
 
-    if (keyring)
-	rpmKeyringFree(keyring);
+    rpmKeyringFree(keyring);
+
     return rc;
 }
 
diff --git a/lib/rpmts.c b/lib/rpmts.c
index 5619c91..4b07517 100644
--- a/lib/rpmts.c
+++ b/lib/rpmts.c
@@ -341,11 +341,14 @@ static int loadKeyringFromDB(rpmts ts)
 
 static void loadKeyring(rpmts ts)
 {
-    ts->keyring = rpmKeyringNew();
-    if (loadKeyringFromFiles(ts) == 0) {
-	if (loadKeyringFromDB(ts) > 0) {
-	    /* XXX make this a warning someday... */
-	    rpmlog(RPMLOG_DEBUG, "Using legacy gpg-pubkey(s) from rpmdb\n");
+    /* Never load the keyring if signature checking is disabled */
+    if ((rpmtsVSFlags(ts) & _RPMVSF_NOSIGNATURES) != _RPMVSF_NOSIGNATURES) {
+	ts->keyring = rpmKeyringNew();
+	if (loadKeyringFromFiles(ts) == 0) {
+	    if (loadKeyringFromDB(ts) > 0) {
+		/* XXX make this a warning someday... */
+		rpmlog(RPMLOG_DEBUG, "Using legacy gpg-pubkey(s) from rpmdb\n");
+	    }
 	}
     }
 }
-- 
2.7.4