View Issue Details

IDProjectCategoryView StatusLast Update
0000151AlmaLinux-8almalinux-releasepublic2021-11-16 17:03
Reportercshabazian Assigned To 
PriorityhighSeveritymajorReproducibilityalways
Status newResolutionopen 
Summary0000151: rpm -K on https://repo.almalinux.org/almalinux/almalinux-release-latest-8.x86_64.rpm fails
DescriptionReported as high priority in case the package has been compromised
Steps To ReproduceRun the conversion script, or download the rpm and run rpm -K on it
TagsNo tags attached.
abrt_hash
URL

Activities

akdev

2021-11-16 13:36

reporter   ~0000391

I wasn't able to reproduce on a clean Alma Linux system, it doesn't seem like the package was compromised but your system might be missing some keys? (on my systems I have /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux which is provided by almalinux-release)

    $ curl "https://repo.almalinux.org/almalinux/almalinux-release-latest-8.x86_64.rpm" -LOJ 2>/dev/null&& rpm -K almalinux-release-latest-8.x86_64.rpm
almalinux-release-latest-8.x86_64.rpm: digests signatures OK

seems like this would be a bug in the migration script

cshabazian

2021-11-16 17:03

reporter   ~0000392

That was my second guess, that it was a bug in the migration script as the AlmaLinux keys aren't on my system and the script doesn't add them first. It looks like the problem is in the install_rpm_pubkey() function. In order to get it to run, I had to comment out:
  # if get_status_of_stage "install_rpm_pubkey"; then
  # return 0
  # fi
Add define pubkey_url:
    #local -r pubkey_url="${ALMA_PUBKEY_URL:-https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux}"
    local -r pubkey_url="https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux"

Sorry, no time to dig deeper into it. After I did the above, it worked fine.

Issue History

Date Modified Username Field Change
2021-11-15 23:15 cshabazian New Issue
2021-11-16 13:36 akdev Note Added: 0000391
2021-11-16 17:03 cshabazian Note Added: 0000392