Right, this is specific to the internal pgp parser. With rpm-sequoia I get:

```
$ tools/rpmkeys --dbpath /tmp/kdb --import /tmp/2596A99EAAB33821893C0A79458CA832957F5868
error: Certificate 458CA832957F5868:
  Policy rejects 458CA832957F5868: No binding signature at time 2024-04-02T10:42:20Z
error: /tmp/2596A99EAAB33821893C0A79458CA832957F5868: key 1 import failed.
```

but easy enough to reproduce with the old parser. This is enough to prevent the 
crash:

```
--- a/rpmio/rpmpgp_internal.c
+++ b/rpmio/rpmpgp_internal.c
@@ -1079,6 +1079,8 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t 
pktlen,
 
            digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY);
            /* Copy UID from main key to subkey */
+           if (!mainkey->userid)
+               break;
            digps[count]->userid = xstrdup(mainkey->userid);
 
            if (getKeyID(pkt.body, pkt.blen, digps[count]->signid)) {
```
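
Review bot: the `if (!mainkey->userid) break;` check is placed after `digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY);`, so the bail-out path leaves a freshly allocated entry at `digps[count]`. Whether it is freed depends on cleanup outside this hunk. Since `mainkey->userid` does not change per subkey, consider testing it before the allocation (or once before the loop) so nothing needs freeing. It is also worth confirming that leaving the loop via `break` makes the function return an error rather than a partial success, and adding a short comment saying that a main key without a user ID is rejected on purpose, because the existing comment only describes the copy.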

It won't import the key, but if main userid is missing in the key then maybe it 
shouldn't.
The internal parser is now gone from the upstream rpm repo but it's of course 
still there in 4.19.x. @mlschroe, do you want to have a closer look or just go 
with something like the above as minimal bandaid?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3001#issuecomment-2031682692