Bug 25084

Summary: Update mageiasync
Product: Mageia Reporter: papoteur <yvesbrungard>
Component: RPM PackagesAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, geiger.david68210, sysadmin-bugs, tmb
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6TOO MGA6-64-OK MGA7-64-OK
Source RPM: mageiasync CVE:
Status comment:

Description papoteur 2019-07-09 22:44:09 CEST 
Description of problem:
Signatures for Mageia 7 are now computed in a manner that needs to specify the file to check the signature against.
Mageiasync 0.4.0 takes this into account and now the signature can be checked

Before, 0.3.7
Specify a mirror as source for Mageia 7.
Launch the synchronisation.
The verification ends by "Failed"

With 0.4.0
The verification ends with "OK" and icon for signed.
papoteur 2019-07-09 22:45:09 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 David GEIGER 2019-07-09 22:57:54 CEST 
So list of packages:


Packages in 6/core/updates_testing:
========================
mageiasync-0.4.0-1.mga6.noarch.rpm

Source RPM:
========================
mageiasync-0.4.0-1.mga6.src.rpm



Packages in 7/core/updates_testing:
========================
mageiasync-0.4.0-1.mga7.noarch.rpm

Source RPM:
========================
mageiasync-0.4.0-1.mga7.src.rpm

CC: (none) => geiger.david68210

Comment 2 Dave Hodgins 2019-07-10 04:55:44 CEST 
Wee need to add two srpms from Mageia 7 for the sha3-512sum to work.
sha3sum-1.1.5-1.mga7.src.rpm
lib64keccak1-1.2-1.mga7.src.rpm

They fit the exception for being needed for the mageiasync update.

Please add them as Mageia 6 packages with this update.

CC: (none) => davidwhodgins

Comment 3 papoteur 2019-07-10 11:24:33 CEST 
(In reply to Dave Hodgins from comment #2)
> Wee need to add two srpms from Mageia 7 for the sha3-512sum to work.
> sha3sum-1.1.5-1.mga7.src.rpm
> lib64keccak1-1.2-1.mga7.src.rpm
> 
> They fit the exception for being needed for the mageiasync update.
> 
> Please add them as Mageia 6 packages with this update.

Hi Dave,
I don't understand what you mean.
These mageiasync release checks sha512 and md5, not the sha3-512. Thus, there is no link with sha3sum rpm.
I didn't added sha3 check because Python needs to be 3.6 to allow it, and Mageia 6 has only Python 3.5.
Papoteur
Comment 4 Dave Hodgins 2019-07-10 22:42:25 CEST 
Sorry, mistook the sha512 as sha3-512. Forgot that I have to manually check
the sha3 sums. Tested on both mga6 and 7. Validating the update.

Whiteboard: MGA6TOO => MGA6TOO MGA6-64-OK MGA7-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 papoteur 2019-07-11 10:27:14 CEST 
Suggested advisory
===================================
Signatures for Mageia 7 are now computed in a manner that needs to specify the file to check the signature against.
Mageiasync 0.4.0 takes this into account and now the signature can be checked.
===================================
Thomas Backlund 2019-07-11 22:01:00 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 6 Mageia Robot 2019-07-11 22:51:24 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2019-0064.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED