View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000151AlmaLinux-8almalinux-releasepublic2021-11-15 23:152021-12-11 22:19
Reportercshabazian Assigned To 
PriorityhighSeveritymajorReproducibilityalways
Status newResolutionopen 
Summary0000151: rpm -K on https://repo.almalinux.org/almalinux/almalinux-release-latest-8.x86_64.rpm fails
DescriptionReported as high priority in case the package has been compromised
Steps To ReproduceRun the conversion script, or download the rpm and run rpm -K on it
TagsNo tags attached.
abrt_hash
URL

Activities

akdev

2021-11-16 13:36

reporter   ~0000391

I wasn't able to reproduce on a clean Alma Linux system, it doesn't seem like the package was compromised but your system might be missing some keys? (on my systems I have /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux which is provided by almalinux-release)

    $ curl "https://repo.almalinux.org/almalinux/almalinux-release-latest-8.x86_64.rpm" -LOJ 2>/dev/null&& rpm -K almalinux-release-latest-8.x86_64.rpm
almalinux-release-latest-8.x86_64.rpm: digests signatures OK

seems like this would be a bug in the migration script

cshabazian

2021-11-16 17:03

reporter   ~0000392

That was my second guess, that it was a bug in the migration script as the AlmaLinux keys aren't on my system and the script doesn't add them first. It looks like the problem is in the install_rpm_pubkey() function. In order to get it to run, I had to comment out:
  # if get_status_of_stage "install_rpm_pubkey"; then
  # return 0
  # fi
Add define pubkey_url:
    #local -r pubkey_url="${ALMA_PUBKEY_URL:-https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux}"
    local -r pubkey_url="https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux"

Sorry, no time to dig deeper into it. After I did the above, it worked fine.

akdev

2021-12-11 19:24

reporter   ~0000441

coming back to this, I just realized there's very little detail on the original report

so I assume you mean this script: https://github.com/AlmaLinux/almalinux-deploy

could you elaborate on what you were migrating from?

akdev

2021-12-11 19:29

reporter   ~0000442

I looked at the source code and the relevant function looks fine, this is called unconditionally from the main function of the script.

the only thing is that there's a check to skip the function if it already ran but that seems correct as well.

cshabazian

2021-12-11 22:19

reporter   ~0000443

I was converting from CentOS to Alma using the conversion script. It seems to be working now, so I don't know if it got fixed or if I used an old script.

Issue History

Date Modified Username Field Change
2021-11-15 23:15 cshabazian New Issue
2021-11-16 13:36 akdev Note Added: 0000391
2021-11-16 17:03 cshabazian Note Added: 0000392
2021-12-11 19:24 akdev Note Added: 0000441
2021-12-11 19:29 akdev Note Added: 0000442
2021-12-11 22:19 cshabazian Note Added: 0000443