16.4.2. Setting the verification flags

⁠16.4.2. Setting the verification flags

Starting with rpm 4.1, package files are verified automatically, which can cause problems, especially if you are working with older packages, or packages without proper digital signatures.

In most cases, the automatic verification is an advantage, since you can have greater confidence in the package files. However, you can call setVSFlags on a transaction set to change the default behavior.

ts.setVSFlags(flags)

For example, if you have problems with old packages that do not have proper signatures, you can use code like the following to ignore such checks:

# Set to not verify DSA signatures.

ts.setVSFlags(rpm.RPMVSF_NODSA)

Table 17-3 lists the flags you can pass to setVSFlags on a transaction set. These flags are bitmasks. You can or them together for more than one setting. You must do a binary or. Do not use the Python or keyword. Use | instead, for a binary or operation.

Table 17-3 Flags for setVSFlags

Flag	Meaning
rpm.RPMVSF_NEEDPAYLOAD	Leave the file handle positions at the beginning of the payload.
rpm.RPMVSF_NOHDRCHK	Don’t check the RPM database header.
rpm.RPMVSF_ NODSA	Don’t check the header and payload DSA signatures.
rpm.RPMVSF_ NODSAHEADER	Don’t check the header DSA signature.
rpm.RPMVSF_ NOMD5	Don’t check the header and payload MD5 digests.
rpm.RPMVSF_ NORSA	Don’t check the header and payload RSA signatures.
rpm.RPMVSF_ NOSHA1HEADER	Don’t check the header SHA1 digest.
rpm._RPMVSF_NODIGESTS	Convenience to not check digests.
rpm._RPMVSF_NOSIGNATURES	Convenience to not check signatures.

To turn off all checks, you can pass –1 to setVSFlags:

ts.setVSFlasgs(-1)