Bug #24491
closed
Rails dependencies on http://yum.theforeman.org/rails/foreman-1.18/ signed with the 'wrong' key
Description
(from https://copr-be.cloud.fedoraproject.org/results/@theforeman/tfm-ror51/)
[mguezuraga@laptop]$ rpm -qpi tfm-ror51-rubygem-rails-5.1.4-4.el7.centos.noarch.rpm | grep Sig Signature : RSA/SHA1, Fri 23 Mar 2018 07:33:39 PM CET, Key ID 082a86a91bf63f6e
(http://yum.theforeman.org/rails/foreman-1.17)
[mguezuraga@laptop]$ rpm -qpi tfm-ror51-rubygem-rails-5.1.4-4.el7.centos.noarch.rpm.1 | grep Sig Signature : RSA/SHA1, Fri 23 Mar 2018 07:33:39 PM CET, Key ID 082a86a91bf63f6e
Those 2 matches (OK)
However:
(http://yum.theforeman.org/rails/foreman-1.18)
[mguezuraga@laptop]$ rpm -qpi tfm-ror51-rubygem-rails-5.1.6-1.el7.centos.noarch.rpm | grep Sig Signature : RSA/SHA1, Wed 04 Apr 2018 05:40:56 PM CEST, Key ID 7a700fcad53e3faa
Updated by Mariano Guezuraga over 6 years ago
082a86a91bf63f6e is http://yum.theforeman.org/rails/foreman-1.17/RPM-GPG-KEY-copr, but I don't know which one is 7a700fcad53e3faa
Updated by Ewoud Kohl van Wijngaarden over 6 years ago
- Category set to RPMs
- Found in Releases 1.18.0 added
I was sure I verified this but clearly didn't. It was built in https://copr.fedorainfracloud.org/coprs/g/theforeman/tfm-ror51-staging/ so https://copr.fedorainfracloud.org/coprs/g/theforeman/tfm-ror51-staging/ will then be the correct key.
Updated by Mariano Guezuraga over 6 years ago
- Subject changed from Rails depenencies on http://yum.theforeman.org/rails/foreman-1.18/ signed with the 'wrong' key to Rails dependencies on http://yum.theforeman.org/rails/foreman-1.18/ signed with the 'wrong' key
Updated by Mariano Guezuraga over 6 years ago
Thanks for the quick reply. https://copr-be.cloud.fedoraproject.org/results/@theforeman/tfm-ror51-staging/pubkey.gpg does look good.
Does this means you're going to update http://yum.theforeman.org/rails/foreman-1.18/RPM-GPG-KEY-copr?
Updated by Ewoud Kohl van Wijngaarden over 6 years ago
Yes, but foreman-release-scl also needs an update. I think that in the 1.18.0 release we didn't actually enable GPG checking but with 1.18.1 we will correct this oversight.
Updated by Ewoud Kohl van Wijngaarden over 6 years ago
- Status changed from New to Resolved
The key on yum.theforeman.org has been corrected. Thanks for the report.