Use RSAHEADER to tell if a package has been signed

Relates: https://issues.redhat.com/browse/RHEL-92638
Conflict: None

commit 47853f2cf6575812d28093b750be2f2e897c153d
Author: Coiby Xu <coxu@redhat.com>
Date:   Thu Oct 16 17:29:52 2025 +0800

    Use RSAHEADER to tell if a package has been signed

    Packages now use RPM v4 signature %{RSAHEADER}. %{SIGPGP} is the name
    of the RPM v3 header+payload signature and can't be used to tell if
    a package has been signed,

        # uname -r
        6.16.10-200.fc42.x86_64
        # rpm -q --queryformat "%{SIGPGP:pgpsig}\n" --all|grep -c "^(none)$"
        586
        # rpm -q --queryformat "%{RSAHEADER}\n" --all|grep -c "^(none)$"
        5

    Signed-off-by: Coiby Xu <coxu@redhat.com>

Signed-off-by: Coiby Xu <coxu@redhat.com>
This commit is contained in:
Coiby Xu 2025-10-30 08:59:51 +08:00
parent 6d6ac4e2d0
commit a8221a05b6

View File

@ -132,7 +132,7 @@ if [[ -z $reinstall_threshold ]]; then
fi
fi
unsigned_packages_in_rpm_db=$(rpm -q --queryformat "%{SIGPGP:pgpsig}\n" "$package" | grep -c "^(none)$")
unsigned_packages_in_rpm_db=$(rpm -q --queryformat "%{RSAHEADER}\n" "$package" | grep -c "^(none)$")
if [[ $unsigned_packages_in_rpm_db -ge $reinstall_threshold ]]; then
add_by_reinstall