Project

General

Profile

Actions

Bug #24491

closed

Rails dependencies on http://yum.theforeman.org/rails/foreman-1.18/ signed with the 'wrong' key

Added by Mariano Guezuraga over 5 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
RPMs
Target version:
-
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

(from https://copr-be.cloud.fedoraproject.org/results/@theforeman/tfm-ror51/)

[mguezuraga@laptop]$ rpm -qpi tfm-ror51-rubygem-rails-5.1.4-4.el7.centos.noarch.rpm | grep Sig
Signature   : RSA/SHA1, Fri 23 Mar 2018 07:33:39 PM CET, Key ID 082a86a91bf63f6e

(http://yum.theforeman.org/rails/foreman-1.17)

[mguezuraga@laptop]$ rpm -qpi tfm-ror51-rubygem-rails-5.1.4-4.el7.centos.noarch.rpm.1 | grep Sig
Signature   : RSA/SHA1, Fri 23 Mar 2018 07:33:39 PM CET, Key ID 082a86a91bf63f6e

Those 2 matches (OK)

However:
(http://yum.theforeman.org/rails/foreman-1.18)

[mguezuraga@laptop]$ rpm -qpi tfm-ror51-rubygem-rails-5.1.6-1.el7.centos.noarch.rpm | grep Sig
Signature   : RSA/SHA1, Wed 04 Apr 2018 05:40:56 PM CEST, Key ID 7a700fcad53e3faa

Actions #1

Updated by Mariano Guezuraga over 5 years ago

082a86a91bf63f6e is http://yum.theforeman.org/rails/foreman-1.17/RPM-GPG-KEY-copr, but I don't know which one is 7a700fcad53e3faa

Actions #2

Updated by Ewoud Kohl van Wijngaarden over 5 years ago

  • Category set to RPMs
  • Found in Releases 1.18.0 added

I was sure I verified this but clearly didn't. It was built in https://copr.fedorainfracloud.org/coprs/g/theforeman/tfm-ror51-staging/ so https://copr.fedorainfracloud.org/coprs/g/theforeman/tfm-ror51-staging/ will then be the correct key.

Actions #3

Updated by Mariano Guezuraga over 5 years ago

  • Subject changed from Rails depenencies on http://yum.theforeman.org/rails/foreman-1.18/ signed with the 'wrong' key to Rails dependencies on http://yum.theforeman.org/rails/foreman-1.18/ signed with the 'wrong' key
Actions #5

Updated by Ewoud Kohl van Wijngaarden over 5 years ago

Yes, but foreman-release-scl also needs an update. I think that in the 1.18.0 release we didn't actually enable GPG checking but with 1.18.1 we will correct this oversight.

Actions #6

Updated by Ewoud Kohl van Wijngaarden over 5 years ago

  • Status changed from New to Resolved

The key on yum.theforeman.org has been corrected. Thanks for the report.

Actions

Also available in: Atom PDF