Re: exception using rpm 4.11.2

[Mark Hatle <mark.hatle@windriver.com>]

On 3/3/16 8:36 AM, Alexandre Freire da Silva Osorio wrote:
> If I delete and rebuild the rpm DB (rpm --rebuilddb), the error doesn't occur, but this must not be the default behavior.

There are some specific uses of RPM 4 in the YP, but I do caution against people
just using it "because".  The RPM 5 version is generally better suited for the
embedded world.  (There are been posts on more reasons on the oe-core lists in
the past.  But as quick summary -- dynamic architecture support, better cross
compilation support, cross-endian support, more configurable for custom
distributions, etc.)

As for the error below.

> 
> -----Original Message-----
> From: yocto-bounces@yoctoproject.org [mailto:yocto-bounces@yoctoproject.org] On Behalf Of Alexandre Freire da Silva Osorio
> Sent: quinta-feira, 3 de março de 2016 10:28
> To: yocto@yoctoproject.org
> Subject: [yocto] exception using rpm 4.11.2
> 
> Hi,
> 
> When trying to install a rpm inside a qemux86-64 machine (core-image-lsb), I got this error:
> 
> root@qemux86-64:~# rpm -ivh apacheds-2.0.0-M20-x86_64.rpm
> warning: apacheds-2.0.0-M20-x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 99aede43: NOKEY

The message above is likely due to RPM5 -always- signs packages.  A temporary
public/private key pair is generated during package generation and used to
create a non-repudiable signature.  It is used to verify that the package was
not modified in an accidental fashion.  The package has both the signature and
key necessary to verify the signature embedded into it.  Since it has both
pieces, this can not be used to verify malicious tampering!  (Think validation,
like a hash, not authentication like a proper signature/external key.)

The error above says that the package was signed with a specific key, and RPM4
(which does NOT know how to retrieve the associated non-repudiable key from
inside a package) doesn't know what the key is and fails to verify it -- giving
you the NOKEY warning.

> traps: rpm[1059] trap divide error ip:7fa07488caae sp:7fff5f7c6af0 error:0 in librpm.so.3.2.1[7fa074871000+5d000]
> Floating point exception

I don't know what the second part of the error indicates, but it could be
something like the RPM DB format is different between the versions.  (This would
not surprise me.  At one point RPM5 had a more efficient storage and retrieval
interface... they both user berkleydb, but differences in the storage formats do
exist.)

> root@qemux86-64:~# rpm --version
> RPM version 4.11.2
> 
> The rpm recipe used is the Jethro one.
> 
> This error doesn't happen if I choose rpm 5.4 (from rpm5.org).

I always recommend RPM5 unless you have a specific use-case to go back to RPM4.

> 
> Please any help on this?
> 
> Thanks in advance.
> 
> 
> Alexandre
>