Ask Your Question
0

how I list unsigned packages of my Fedora system

asked 2014-03-31 14:24:20 -0500

sergiomb gravatar image

updated 2014-04-02 17:35:58 -0500

Hi, For test sometimes I install unsigned packages , I check if it real get into repos I'd like remove all unsigned , and install it again but signed, the problem is how I list the unsigned packages ?

Solution:

rpm -qa --qf "%{name}-%{version}-%{release}.%{arch} %|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|\n" | grep -v gpg-pubkey | grep none

based on first reply Thanks,

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
1

answered 2014-04-02 08:40:50 -0500

marcindulak gravatar image

Try this:

# list all packages
packages=$(rpm -qa | LC_ALL=C sort)
# How to check for a signature (see http://lists.rpm.org/pipermail/rpm-list/2011-December/001048.html)
s=`grep Signature /usr/lib/rpm/rpmpopt* | head -1 | tr -s ' ' | cut -d' ' -f3`
# remove the trailing slash from the signature query format
signature=${s%?}
for p in $packages; do if test -n "$(rpm -q --qf $signature $p | grep none)"; then echo $p; fi; done
# result:
# gpg-pubkey-080ad8c4-50a0c564
# gpg-pubkey-fb4b18e6-50b96bfd
# ...

I get the following signature query on Fedora 20:

echo $signature 
%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|\n
edit flag offensive delete link more
1

answered 2014-04-01 22:55:29 -0500

billmcgonigle gravatar image

The RPM's themselves are signed. You can check those with rpm -K foo.rpm.

Once they're installed, you can check that a given rpm's files are good with rpm -V package' orrpm -Va` for all of them. If the '5' column exists for a file, its checksum has failed. You might exclude 'c' (config) files from this check.

But that doesn't directly solve your question since rpm doesn't have round-trip verification - you can't tell RPM to rebuild your rpm file from the installed files and compare binaries - it's more of a one-way process.

If I were in your shoes, I'd run: yum --releasever=20 distro-sync (or whichever release you're on) and then do package-cleanup --orphans to see if you have any straggling packages left that were not in the repo.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2014-03-31 14:24:20 -0500

Seen: 509 times

Last updated: Apr 02 '14