Bug 5506

Summary: send a mail on upload if package lacks signature
Product: Infrastructure Reporter: Thierry Vignaud <thierry.vignaud>
Component: BuildSystemAssignee: Sysadmin Team <sysadmin-bugs>
Status: REOPENED --- QA Contact:
Severity: normal    
Priority: Normal CC: dan, hhielscher, marja11, sysadmin-bugs
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: CVE:
Status comment:

Description Thierry Vignaud 2012-04-20 13:40:55 CEST 
We regularly upload packages w/o signatures (last time: bug #5499).
It would be nice to send a mail on upload if package lacks signature.
Comment 1 Frédéric "LpSolit" Buclin 2012-04-20 16:20:01 CEST 
Bug 4925 suggests to reject unsigned RPMs.

*** This bug has been marked as a duplicate of bug 4925 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED

Comment 2 Thierry Vignaud 2012-04-20 17:00:53 CEST 
That's not the same issue.
The two bug reports are orthogonal: fixing the issue and warn about it (since it kept re-happening)

Status: RESOLVED => REOPENED
Resolution: DUPLICATE => (none)

Helge Hielscher 2015-12-28 03:25:42 CET

CC: (none) => hhielscher

Comment 3 Marja Van Waes 2016-01-17 09:07:53 CET 
(In reply to Thierry Vignaud from comment #0)
> We regularly upload packages w/o signatures (last time: bug #5499).
> It would be nice to send a mail on upload if package lacks signature.

Where do you want the mail to be sent to?

CC: (none) => marja11

Comment 4 Thierry Vignaud 2016-01-17 11:08:05 CET 
The uploader + the dev ml (or the sysadm list or both lists)
Comment 5 Dan Fandrich 2024-02-18 07:38:00 CET 
This could be as simple as a cron job like this that runs every 4 hours:

find /distrib/{bootstrap,mirror}/ -xdev -name '*.rpm' -mmin -360 -print0 | xargs -0 -P20 --no-run-if-empty rpm -K  | grep -v ' digests signatures OK$'

That could raise some false positives (checking partial files), if files are copied instead of being atomically moved into /distrib/bootstrap/ (I'm not sure which is being done).

CC: (none) => dan