You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Removing Cython-0.29.6-2.el8.src.rpm: Package Cython-0.29.6-2.el8.src.rpm is not signed
Removing python-funcsigs-1.0.2-13.el8.src.rpm: Package python-funcsigs-1.0.2-13.el8.src.rpm is not signed
Removing python-libcloud-2.4.0-1.el8.src.rpm: Package python-libcloud-2.4.0-1.el8.src.rpm is not signed
Removing python-libcloud-3.2.0-1.el8.src.rpm: Package python-libcloud-3.2.0-1.el8.src.rpm is not signed
Removing python-mock-2.0.0-14.el8.src.rpm: Package python-mock-2.0.0-14.el8.src.rpm is not signed
Removing python-pbr-5.1.2-3.el8.src.rpm: Package python-pbr-5.1.2-3.el8.src.rpm is not signed
Removing python-typing-3.5.2.2-4.el8.src.rpm: Package python-typing-3.5.2.2-4.el8.src.rpm is not signed
Removing salt-3004-1.el8.src.rpm: Package salt-3004-1.el8.src.rpm is not signed
Error: GPG signature check failed.
All of those packages are in the SRPMS directory.
I can't put the mirroring script in a cron job because every invocation would spit out these errors and then that would go to a bunch of people who won't be happy with those reports.
So, please, make these errors go away.
Setup
I suppose you can invoke reposync -g in any kind of setup to reproduce the error. Or you can just manually inspect the packages. This one is fine:
> rpm -qi -p salt-3004-1.el8.noarch.rpm | grep '^Signature'
Signature : RSA/SHA256, Wed 13 Oct 2021 02:46:12 AM CEST, Key ID 0e08a149de57bfbe
it appears that the pkgbuild.repo state calls pkgbuild.make_repo and that function only scans the top level for rpms to sign, and not the SRPMS sub-folder.
Description
I was mirroring your RPM repository at https://repo.saltproject.io/py3/redhat/8/x86_64/latest with
reposync -g
and got these errors:All of those packages are in the
SRPMS
directory.I can't put the mirroring script in a cron job because every invocation would spit out these errors and then that would go to a bunch of people who won't be happy with those reports.
So, please, make these errors go away.
Setup
I suppose you can invoke
reposync -g
in any kind of setup to reproduce the error. Or you can just manually inspect the packages. This one is fine:But SRPMs aren't:
Steps to Reproduce the behavior
Not applicable.
Expected behavior
All packages should be signed with Salt's GPG key.
Screenshots
If applicable, add screenshots to help explain your problem.
Versions Report
Not applicable.
Additional context
I didn't check the repository for other OS version(s). The same problem might be present there, as well.
The text was updated successfully, but these errors were encountered: