#10794 Enable rpm signing for F-37
Opened 2 months ago by pbrobinson. Modified 5 days ago

  • Describe the issue

Enable rpm signing for F-37
https://fedoraproject.org/wiki/Changes/Signed_RPM_Contents

  • When do you need this? (YYYY/MM/DD)
    ASAP

  • When is this no longer needed or useful? (YYYY/MM/DD)

  • If we cannot complete your request, what is the impact?


Metadata Update from @phsmoura:
- Issue tagged with: medium-gain, medium-trouble, ops

2 months ago

What's the status of getting this enabled? Ticket has been open a month

We were waiting for the SOP, which we now have... I think @humaton is going to create the key(s) now and add them.
Should be done early next week...

Ping? This is blocking IoT now for further IoT testing and features

I have created a fedora-37-ima key.
I granted autopen access to it.

I added:

  • ima file signing - enabled in f37

  • file_signing_key = "fedora-37-ima"

But it seems to fail.

The sign bridge has:

2022-06-28 17:22:29,055 ERROR: Worker sign-rpms:koji replies (koji reply thread) encountered an error processing
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/koji/__init__.py", line 2813, in _callMethod               
    return self._sendCall(handler, headers, request)                                                
  File "/usr/lib/python3.6/site-packages/koji/__init__.py", line 2719, in _sendCall                 
    return self._sendOneCall(handler, headers, request)                                             
  File "/usr/lib/python3.6/site-packages/koji/__init__.py", line 2777, in _sendOneCall              
    ret = self._read_xmlrpc_response(r)
  File "/usr/lib/python3.6/site-packages/koji/__init__.py", line 2789, in _read_xmlrpc_response     
    result = u.close()
  File "/usr/lib64/python3.6/xmlrpc/client.py", line 656, in close                                  
    raise Fault(**self._stack[0])
xmlrpc.client.Fault: <Fault 1000: 'wrong md5 for dummy-test-package-gloster-0-9219.fc37.src: 2b2e51e68ca7a1c04ffd79176cfdcde4'>

During handling of the above exception, another exception occurred:                                 

Traceback (most recent call last):
  File "/usr/share/sigul/bridge.py", line 484, in add_signature                                     
    base64.b64encode(sighdr).decode("utf-8")
  File "/usr/lib/python3.6/site-packages/koji/__init__.py", line 2369, in __call__                  
    return self.__func(self.__name, args, opts)
  File "/usr/lib/python3.6/site-packages/koji/__init__.py", line 2832, in _callMethod               
    raise err
koji.GenericError: wrong md5 for dummy-test-package-gloster-0-9219.fc37.src: 2b2e51e68ca7a1c04ffd79176cfdcde4

During handling of the above exception, another exception occurred:                                 

Traceback (most recent call last):
  File "/usr/share/sigul/utils.py", line 770, in run                                                
    self._real_run()
  File "/usr/share/sigul/bridge.py", line 939, in _real_run                                         
    self.__handle_one_reply_rpm(rpm, koji_client)
  File "/usr/share/sigul/bridge.py", line 956, in __handle_one_reply_rpm                            
    rpm.add_signature_to_koji(koji_client)
  File "/usr/share/sigul/bridge.py", line 223, in add_signature_to_koji                             
    koji_client.add_signature(rpm_info, self.tmp_path)                                              
  File "/usr/share/sigul/bridge.py", line 489, in add_signature                                     
    str(e)))
ForwardingError: Koji connection failed: wrong md5 for dummy-test-package-gloster-0-9219.fc37.src: 2b2e51e68ca7a1c04ffd79176cfdcde4

@puiterwijk could you advise/tell me what I did wrong?

Login to comment on this ticket.

Metadata
Boards 1
Ops Status: Backlog