#7693 Broken signatures fedora 29 and rawhide
Closed: Fixed 5 years ago Opened 5 years ago by clime.

  • Describe the issue

I was testing this on docker images from docker.io:

First for rawhide image:

[root@6731300cebda /]# rpm -Kv /var/cache/dnf/rawhide-2d95c80a1fa0a67d/package/findutils-4.6.0-20.fc29.x86_64.rpm
/var/cache/dnf/rawhide-2d95c80a1fa0a67d/packages/findutils-4.6.0-20.fc29.x86_64.rpm:
    Header V3 RSA/SHA256 Signature, key ID 429476b4: OK
    Header SHA1 digest: OK
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
    V3 RSA/SHA256 Signature, key ID 429476b4: OK
    MD5 digest: OK
[root@6731300cebda /]# rpm -Kv /var/cache/dnf/rawhide-2d95c80a1fa0a67d/packages/iputils-20180629-2.fc29.x86_64.rpm
/var/cache/dnf/rawhide-2d95c80a1fa0a67d/packages/iputils-20180629-2.fc29.x86_64.rpm:
    Header V3 RSA/SHA256 Signature, key ID cfc659b9: NOKEY
    Header SHA1 digest: OK
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
    V3 RSA/SHA256 Signature, key ID cfc659b9: NOKEY

findutils is signed with the key for f29, the iputils package is signed with the f30 key. This is one problem.

Then:

$ docker run -it fedora:29 /bin/bash
Unable to find image 'fedora:29' locally
Trying to pull repository docker.io/library/fedora ... 
Trying to pull repository registry.fedoraproject.org/fedora ... 
sha256:521225b1a14aba45bdbce042f42f2f457813b0fdd58989325a7fa5321a223387: Pulling from registry.fedoraproject.org/fedora
f5b598b9ce0d: Already exists 
Digest: sha256:521225b1a14aba45bdbce042f42f2f457813b0fdd58989325a7fa5321a223387
Status: Downloaded newer image for registry.fedoraproject.org/fedora:29
[root@6e404362fec1 /]# 
[root@6e404362fec1 /]# cat /etc/redhat-release 
Fedora release 29 (Rawhide)

So for fedora:29 the situation is the same because I actually got rawhide instead of f29.

  • When do you need this? (YYYY/MM/DD)
    At some feasible time.

  • When is this no longer needed or useful? (YYYY/MM/DD)
    Always useful.

  • If we cannot complete your request, what is the impact?
    docker images for f29 and fedora-rawhide are unusable.
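
Added example, not part of the original ticket: a shell helper that condenses `rpm -Kv` output to one line per package (key ID, result, file name), so a cache signed with mixed keys or with a key missing from the rpm keyring stands out. The function names are hypothetical; the sample input is the `rpm -Kv` output quoted in the report above.

```shell
#!/usr/bin/env bash
# Added example. Real use (cache path pattern is an assumption):
#   rpm -Kv /var/cache/dnf/*/packages/*.rpm | summarize_sigs

# One line per package: "<key id> <OK|NOKEY|...> <package file>",
# taken from the "Header ... Signature, key ID" line of each package.
summarize_sigs() {
  awk '
    /^[^ \t].*\.rpm:$/ {                 # unindented line naming the package
      pkg = $0; sub(/:$/, "", pkg); sub(/.*\//, "", pkg); next
    }
    /Header V[0-9]+ .*Signature, key ID/ {
      for (i = 1; i < NF; i++)
        if ($i == "ID") { key = $(i + 1); sub(/:$/, "", key) }
      print key, $NF, pkg
    }
  '
}

# Key IDs that rpm could not find in its keyring (result NOKEY).
missing_keys() { summarize_sigs | awk '$2 == "NOKEY" { print $1 }' | sort -u; }

# All distinct signing key IDs; more than one means mixed signing keys.
distinct_keys() { summarize_sigs | awk '{ print $1 }' | sort -u; }

# Sample input: the rpm -Kv output from the ticket.
sample_output() {
  cat <<'EOF'
/var/cache/dnf/rawhide-2d95c80a1fa0a67d/packages/findutils-4.6.0-20.fc29.x86_64.rpm:
    Header V3 RSA/SHA256 Signature, key ID 429476b4: OK
    Header SHA1 digest: OK
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
    V3 RSA/SHA256 Signature, key ID 429476b4: OK
    MD5 digest: OK
/var/cache/dnf/rawhide-2d95c80a1fa0a67d/packages/iputils-20180629-2.fc29.x86_64.rpm:
    Header V3 RSA/SHA256 Signature, key ID cfc659b9: NOKEY
    Header SHA1 digest: OK
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
    V3 RSA/SHA256 Signature, key ID cfc659b9: NOKEY
EOF
}

sample_output | summarize_sigs
```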


This is also broken for containers in the fedora registry.

This should be fixed now.

Metadata Update from @mohanboddu:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

5 years ago

I can confirm it works for docker.io/fedora:29. But not for docker.io/fedora:rawhide.

On dnf upgrade, I got errors like:

GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-29-x86_64
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED

I will reopen so that you can check this.

Metadata Update from @clime:
- Issue status updated to: Open (was: Closed)

5 years ago

It seems to be working now.

sh-4.4# dnf upgrade
Fedora - Modular Rawhide - Developmental packages for the next Fedora rel 258 kB/s | 1.2 MB     00:04    
Fedora - Rawhide - Developmental packages for the next Fedora release     1.6 MB/s |  62 MB     00:39    
Last metadata expiration check: 0:00:02 ago on Fri Sep  7 14:32:53 2018.
Dependencies resolved.
Nothing to do.
Complete!

Closing the ticket.

Metadata Update from @mohanboddu:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

5 years ago
