PR#2029: add dnf update to get latest gnupg2 version in F35 images - copr/copr

copr / copr

#2029 add dnf update to get latest gnupg2 version in F35 images

Merged 2 years ago by praiskup. Opened 2 years ago by sergiomb.

copr/ sergiomb/copr keygen-update into main

add dnf update to get latest gnupg2 version in F35 images

Sérgio Basto • 2 years ago

15726fc

docker/keygen-signd/Dockerfile

file modified

+1 -1

		`@@ -10,6 +10,6 @@`
		`RUN useradd -r copr-signer -u 993 -g 992 -d /var/lib/copr-keygen`

		`# Install copr-keygen package`
		`- RUN dnf -y install copr-keygen && dnf clean all`
		`+ RUN dnf -y update gnupg2 && dnf -y install copr-keygen && dnf clean all`

		`CMD ["/usr/sbin/signd"]`

sergiomb commented 2 years ago

Can fix the issue of signing after update the builders to Fedora 35

reference:
https://lists.fedoraproject.org/archives/list/copr-devel@lists.fedorahosted.org/message/VZKTNRPTJLSA73CJBWEJRY3S5KAWAHK4/

zuul commented 2 years ago

Build succeeded.

csdiff-pylint : SUCCESS in 1m 57s

praiskup commented on line 6 of docker/keygen-signd/Dockerfile 2 years ago

Is the problem that the broken gnupg2 is baked into the default fedora image? Then please just update the gnupg2 here, not the whole image.

sergiomb commented 2 years ago

Is the problem that the broken gnupg2 is baked into the default fedora image?

yes , the default fedora 35 image (at least at 2022-01-05)

Then please just update the gnupg2 here, not the whole image.

I don't understand what you're asking , sorry

praiskup commented 2 years ago

- dnf -y update 
+ dnf -y update gnupg2

praiskup commented 2 years ago

@sergio, can you please fix the dnf command?

sergiomb commented 2 years ago

I just tested the update of all packages , that's why I hesitated to change.
See it updates many thing that may have influence like glibc, libstdc+, elfutils , python, libxcrypt etc ...

dnf update
(...)
Upgraded:
ca-certificates-2021.2.52-1.0.fc35.noarch           
elfutils-default-yama-scope-0.186-1.fc35.noarch
elfutils-libelf-0.186-1.fc35.x86_64 
elfutils-libs-0.186-1.fc35.x86_64
fedora-release-common-35-36.noarch   
fedora-release-container-35-36.noarch      
fedora-release-identity-container-35-36.noarch       
glib2-2.70.2-1.fc35.x86_64           
glibc-2.34-11.fc35.x86_64                  
glibc-common-2.34-11.fc35.x86_64                    
glibc-minimal-langpack-2.34-11.fc35.x86_64
gnupg2-2.3.4-1.fc35.x86_64          
hwdata-0.355-1.fc35.noarch
libgcc-11.2.1-7.fc35.x86_64          
libgomp-11.2.1-7.fc35.x86_64               
libstdc++-11.2.1-7.fc35.x86_64
libxcrypt-4.4.27-1.fc35.x86_64       
libzstd-1.5.1-4.fc35.x86_64                
python3-3.10.1-2.fc35.x86_64
python3-libs-3.10.1-2.fc35.x86_64    
shadow-utils-2:4.9-8.fc35.x86_64           
vim-minimal-2:8.2.3755-1.fc35.x86_64                
Installed:
elfutils-debuginfod-client-0.186-1.fc35.x86_64       
glibc-gconv-extra-2.34-11.fc35.x86_64
gnupg2-smime-2.3.4-1.fc35.x86_64    
libsecret-0.20.4-3.fc35.x86_64                        
mkpasswd-5.5.10-2.fc35.x86_64       
mozjs78-78.15.0-1.fc35.x86_64            
pcsc-lite-1.9.5-1.fc35.x86_64                         
pcsc-lite-ccid-1.4.36-2.fc35.x86_64
pcsc-lite-libs-1.9.5-1.fc35.x86_64       
pinentry-1.2.0-1.fc35.x86_64                          
polkit-0.120-1.fc35.x86_64          
polkit-libs-0.120-1.fc35.x86_64          
polkit-pkla-compat-0.1-20.fc35.x86_64                
python-unversioned-command-3.10.1-2.fc35.noarch       
vim-data-2:8.2.3755-1.fc35.noarch  
whois-nls-5.5.10-2.fc35.noarch

praiskup commented 2 years ago

that place is to install copr-keygen package, not to update the whole image.

I'm not -1, but I don't like it. @frostyx wdyt?

sergiomb commented 2 years ago

I know but to keygen I don't know if we only need update gnupg2 ...

praiskup commented 2 years ago

We know. Se the bug I cited.

praiskup commented 2 years ago

Ah, me/frostyx mentioned the bug, but not here (probably irc). https://bugzilla.redhat.com/show_bug.cgi?id=2022904

frostyx commented 2 years ago

I agree with @praiskup, we tested it on the development and production servers, and upgrading gnupg2 is good enough to fix the issue.

However, I am going through other Dockerfile files and all containers have dnf -y update in them ... so we can do that as well ... but please, in that case, change the # Install copr-keygen package comment.