| Summary: | Unsigned packages are going out to the mirrors. | ||
|---|---|---|---|
| Product: | Infrastructure | Reporter: | Dave Hodgins <davidwhodgins> |
| Component: | BuildSystem | Assignee: | Sysadmin Team <sysadmin-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | critical | ||
| Priority: | High | CC: | eeeemail, ennael1, sysadmin-bugs, tmb |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | CVE: | ||
| Status comment: | |||
| Attachments: | List of 206 unsigned packages on the Mageia 3/4/cauldron repos. | ||
|
Description
Dave Hodgins
2014-03-15 06:04:11 CET
Note that this problem is currently blocking a critical security update for 389-ds-base. Priority:
Normal =>
High Created attachment 5053 [details]
List of 206 unsigned packages on the Mageia 3/4/cauldron repos.
This is based on my local repo, which was synced from kernel.org about 4 hours
ago.
Yeah, signing key expired :/ so youri pushes out unsigned packages at that point. I've extended key lifetime and will signg packages with missing signatures, starting with the security updatates CC:
(none) =>
tmb Packages re-signed. I'm currently running a second check for missing keys Status:
NEW =>
RESOLVED There are still 20 packages in the Mageia 3 debug repos that need to be signed. ./3/i586/media/debug/core/release/checkpolicy-debuginfo-2.1.12-1.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/ptlib-debuginfo-2.10.10-1.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/privoxy-debuginfo-3.0.21-1.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/calligra-debuginfo-2.6.2-1.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/icewm-debuginfo-1.3.7-10.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/qt-gstreamer-debuginfo-0.10.2-3.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/xmoto-debuginfo-0.5.10-4.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/gsettings-desktop-schemas-debuginfo-3.6.1-6.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/gambas3-debuginfo-3.4.0-3.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/crmsh-debuginfo-1.2.5-2.mga3.i586.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/qt-gstreamer-debuginfo-0.10.2-3.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/ptlib-debuginfo-2.10.10-1.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/calligra-debuginfo-2.6.2-1.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/gsettings-desktop-schemas-debuginfo-3.6.1-6.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/crmsh-debuginfo-1.2.5-2.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/checkpolicy-debuginfo-2.1.12-1.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/xmoto-debuginfo-0.5.10-4.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/privoxy-debuginfo-3.0.21-1.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/icewm-debuginfo-1.3.7-10.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/gambas3-debuginfo-3.4.0-3.mga3.x86_64.rpm: sha1 md5 OK Status:
RESOLVED =>
REOPENED Yeah, as stated in comment 4 I foceused on updates first. I started a second /distrib wide check yesterday, but forgot to run it under screen, so it stopped when I lost network connection. I reststarted the check today and have now fixed all missing signatures in the whole distrib tree, including infra tree. I'll look into adding key checks to xymon so it notifies us when key will start to expire. we should also fix youri to stop uploads when signing fails. Status:
REOPENED =>
RESOLVED Either there is still a problem with the signing of packages, or simply signing them on the main mirror does not get them updated on other mirrors. kdepimlibs4-core-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kdepimlibs4-devel-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-imap-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-ldap-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-mbox-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-nntp-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-pop3-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-sieve-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-smtp-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-calendar4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-contact4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-kabc4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-kcal4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-kde4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-kmime4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-notes4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi_socialutils4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64gpgme++2-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kabc4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kabc_file_core4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kalarmcal2-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kblog4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kcal4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kcalcore4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kcalutils4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kimap4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kldap4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kmbox4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kmime4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kontactinterface4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kpimidentities4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kpimtextedit4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kpimutils4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kresources4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64ktnef4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kxmlrpcclient4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64mailtransport4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64microblog4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64nepomukcleaner4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64nepomukcore4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64qgpgme1-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64syndication4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) nepomuk-core-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) nepomuk-core-devel-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) Status:
RESOLVED =>
REOPENED Can you check your mirroring ? I cant find any missing signature on primary mirror or my local mirror, so closing for now Status:
REOPENED =>
RESOLVED Figured it out. I had to run urpmi --clean to get the signed versions copied from my local repo. Thanks! |