[BUG] Unsigned SRPM packages for RHEL 8 #61212

Open
dkacar-oradian opened this issue Nov 10, 2021 · 1 comment
Labels
Bug broken, incorrect, or confusing behavior

Description
I was mirroring your RPM repository at https://repo.saltproject.io/py3/redhat/8/x86_64/latest with reposync -g and got these errors:

Removing Cython-0.29.6-2.el8.src.rpm: Package Cython-0.29.6-2.el8.src.rpm is not signed
Removing python-funcsigs-1.0.2-13.el8.src.rpm: Package python-funcsigs-1.0.2-13.el8.src.rpm is not signed
Removing python-libcloud-2.4.0-1.el8.src.rpm: Package python-libcloud-2.4.0-1.el8.src.rpm is not signed
Removing python-libcloud-3.2.0-1.el8.src.rpm: Package python-libcloud-3.2.0-1.el8.src.rpm is not signed
Removing python-mock-2.0.0-14.el8.src.rpm: Package python-mock-2.0.0-14.el8.src.rpm is not signed
Removing python-pbr-5.1.2-3.el8.src.rpm: Package python-pbr-5.1.2-3.el8.src.rpm is not signed
Removing python-typing-3.5.2.2-4.el8.src.rpm: Package python-typing-3.5.2.2-4.el8.src.rpm is not signed
Removing salt-3004-1.el8.src.rpm: Package salt-3004-1.el8.src.rpm is not signed
Error: GPG signature check failed.

All of those packages are in the SRPMS directory.

I can't put the mirroring script in a cron job because every invocation would spit out these errors and then that would go to a bunch of people who won't be happy with those reports.

So, please, make these errors go away.

Setup

I suppose you can invoke reposync -g in any kind of setup to reproduce the error. Or you can just manually inspect the packages. This one is fine:

> rpm -qi -p salt-3004-1.el8.noarch.rpm | grep '^Signature'
Signature   : RSA/SHA256, Wed 13 Oct 2021 02:46:12 AM CEST, Key ID 0e08a149de57bfbe

But SRPMs aren't:

> wget https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SRPMS/salt-3004-1.el8.src.rpm
> rpm -qi -p salt-3004-1.el8.src.rpm | grep '^Signature'
Signature   : (none)

Steps to Reproduce the behavior
Not applicable.

Expected behavior
All packages should be signed with Salt's GPG key.

Versions Report
Not applicable.

Additional context

I didn't check the repository for other OS version(s). The same problem might be present there, as well.

@dkacar-oradian dkacar-oradian added Bug broken, incorrect, or confusing behavior needs-triage labels Nov 10, 2021
bryceml commented Nov 15, 2021

I believe this is a bug in salt https://github.com/saltstack/salt/blob/master/salt/modules/rpmbuild_pkgbuild.py#L745

It appears that the pkgbuild.repo state calls pkgbuild.make_repo, and that function only scans the top level for RPMs to sign, and not the SRPMS sub-folder.

https://github.com/saltstack/salt-pack-py3/blob/develop/file_roots/repo/redhat/rhel8/init.sls is where that state is run from.

@s0undt3ch s0undt3ch removed their assignment Jun 4, 2024
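
An added example, not part of the issue thread and not Salt's code: a Python check that walks a mirrored repository recursively, so sub-folders such as SRPMS are included, and lists packages whose RPM signature header carries no OpenPGP signature tag (the condition `rpm -qi` reports as `Signature : (none)`). The function names and the sample files are constructed for illustration; the check tests only whether a signature is present, not whether it is valid.

```python
import os
import struct
import tempfile

LEAD_MAGIC = b"\xed\xab\xee\xdb"    # start of the 96-byte RPM lead
HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # start of the signature header
# Signature-header tags that hold an OpenPGP signature:
# 267 DSA and 268 RSA (header only), 1002 PGP and 1005 GPG (header + payload)
SIGNATURE_TAGS = {267, 268, 1002, 1005}

def is_signed(path):
    """True if the RPM's signature header contains an OpenPGP signature tag."""
    with open(path, "rb") as f:
        lead = f.read(96)
        intro = f.read(16)  # magic, 4 reserved bytes, entry count, data size
        if lead[:4] != LEAD_MAGIC or intro[:4] != HEADER_MAGIC:
            raise ValueError(f"{path}: not an RPM file")
        nindex, _hsize = struct.unpack(">II", intro[8:16])
        index = f.read(16 * nindex)  # each entry: tag, type, offset, count
    if len(index) != 16 * nindex:
        raise ValueError(f"{path}: truncated signature header")
    tags = {struct.unpack_from(">I", index, 16 * i)[0] for i in range(nindex)}
    return bool(tags & SIGNATURE_TAGS)

def find_unsigned(repo_root):
    """Walk the whole tree (sub-folders included) and list unsigned packages."""
    unsigned = []
    for dirpath, _dirs, files in os.walk(repo_root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.endswith(".rpm") and not is_signed(full):
                unsigned.append(os.path.relpath(full, repo_root))
    return sorted(unsigned)

def write_constructed_rpm(path, tags):
    """Constructed sample: lead plus signature index only, no real payload."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    entries = b"".join(struct.pack(">IIII", t, 7, 0, 0) for t in tags)
    with open(path, "wb") as f:
        f.write(LEAD_MAGIC + bytes(92) + HEADER_MAGIC + bytes(4)
                + struct.pack(">II", len(tags), 0) + entries)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins for the two packages named in the issue.
        write_constructed_rpm(os.path.join(root, "salt-3004-1.el8.noarch.rpm"), [1000, 268])
        write_constructed_rpm(os.path.join(root, "SRPMS", "salt-3004-1.el8.src.rpm"), [1000, 1004])
        print(find_unsigned(root))
```

Checking a signature against the repository key remains the job of `rpm -K` or `reposync -g`.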