daemon/rpm-c.c: Disable signature checking in librpm

Older distros (eg CentOS 6) used SHA-1 RPM package signatures which some newer distros (eg RHEL 9.0) prevent us from verifying. This resulted in packages with SHA-1 signatures being skipped by librpm (there is a warning in debug output, but if you're not looking at that then the package is silently ignored). In some cases essential packages like the kernel were skipped, which would be visible as a failure of virt-v2v. In other cases (eg virt-inspector) you'd just see fewer installed packages in the <applications> list. Since verifying package signatures is not essential for inspection, disable this feature in librpm. Reported-by: Xiaodai Wang Thanks: Panu Matilainen Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2064182 Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
armanamjad · Mar 15, 2022 · aa6f803 · aa6f803
1 parent 1b61ad0
commit aa6f803
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/daemon/rpm-c.c b/daemon/rpm-c.c
@@ -90,7 +90,12 @@ value
 guestfs_int_daemon_rpm_start_iterator (value unitv)
 {
   CAMLparam1 (unitv);
+
   ts = rpmtsCreate ();
+
+  /* Disable signature checking (RHBZ#2064182). */
+  rpmtsSetVSFlags (ts, rpmtsVSFlags (ts) | RPMVSF_MASK_NOSIGNATURES);
+
   iter = rpmtsInitIterator (ts, RPMDBI_PACKAGES, NULL, 0);
   CAMLreturn (Val_unit);
 }