This has been an ongoing problem with the build system not always signing packages. Currently, in the Magiea 3, 4, and cauldron repos there are 206 unsigned packages (not including the SRPM repos). The existing unsigned packages need to be signed, and either the build system fixed, or a separate cron job added to find/sign the unsigned packages. I use the following script in my local repo, which excludes SRPMS, Mageia 1 and 2. #!/bin/bash cd /var/mnt/a9/Mageia/distrib find . *.rpm|xargs rpm -K 2>/dev/null| grep -v pgp>/root/unsigned.txt cat /root/unsigned.txt Reproducible: Steps to Reproduce:
Note that this problem is currently blocking a critical security update for 389-ds-base.
Priority: Normal => HighCC: (none) => eeeemail, ennael1Severity: normal => critical
Created attachment 5053 [details] List of 206 unsigned packages on the Mageia 3/4/cauldron repos. This is based on my local repo, which was synced from kernel.org about 4 hours ago.
Yeah, signing key expired :/ so youri pushes out unsigned packages at that point. I've extended key lifetime and will signg packages with missing signatures, starting with the security updatates
CC: (none) => tmb
Packages re-signed. I'm currently running a second check for missing keys
Status: NEW => RESOLVEDResolution: (none) => FIXED
There are still 20 packages in the Mageia 3 debug repos that need to be signed. ./3/i586/media/debug/core/release/checkpolicy-debuginfo-2.1.12-1.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/ptlib-debuginfo-2.10.10-1.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/privoxy-debuginfo-3.0.21-1.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/calligra-debuginfo-2.6.2-1.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/icewm-debuginfo-1.3.7-10.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/qt-gstreamer-debuginfo-0.10.2-3.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/xmoto-debuginfo-0.5.10-4.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/gsettings-desktop-schemas-debuginfo-3.6.1-6.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/gambas3-debuginfo-3.4.0-3.mga3.i586.rpm: sha1 md5 OK ./3/i586/media/debug/core/release/crmsh-debuginfo-1.2.5-2.mga3.i586.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/qt-gstreamer-debuginfo-0.10.2-3.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/ptlib-debuginfo-2.10.10-1.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/calligra-debuginfo-2.6.2-1.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/gsettings-desktop-schemas-debuginfo-3.6.1-6.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/crmsh-debuginfo-1.2.5-2.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/checkpolicy-debuginfo-2.1.12-1.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/xmoto-debuginfo-0.5.10-4.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/privoxy-debuginfo-3.0.21-1.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/icewm-debuginfo-1.3.7-10.mga3.x86_64.rpm: sha1 md5 OK ./3/x86_64/media/debug/core/release/gambas3-debuginfo-3.4.0-3.mga3.x86_64.rpm: sha1 md5 OK
Status: RESOLVED => REOPENEDResolution: FIXED => (none)
Yeah, as stated in comment 4 I foceused on updates first. I started a second /distrib wide check yesterday, but forgot to run it under screen, so it stopped when I lost network connection. I reststarted the check today and have now fixed all missing signatures in the whole distrib tree, including infra tree. I'll look into adding key checks to xymon so it notifies us when key will start to expire. we should also fix youri to stop uploads when signing fails.
Status: REOPENED => RESOLVEDResolution: (none) => FIXED
Either there is still a problem with the signing of packages, or simply signing them on the main mirror does not get them updated on other mirrors. kdepimlibs4-core-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kdepimlibs4-devel-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-imap-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-ldap-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-mbox-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-nntp-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-pop3-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-sieve-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) kio4-smtp-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-calendar4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-contact4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-kabc4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-kcal4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-kde4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-kmime4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi-notes4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64akonadi_socialutils4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64gpgme++2-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kabc4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kabc_file_core4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kalarmcal2-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kblog4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kcal4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kcalcore4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kcalutils4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kimap4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kldap4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kmbox4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kmime4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kontactinterface4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kpimidentities4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kpimtextedit4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kpimutils4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kresources4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64ktnef4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64kxmlrpcclient4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64mailtransport4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64microblog4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64nepomukcleaner4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64nepomukcore4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64qgpgme1-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) lib64syndication4-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) nepomuk-core-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none))) nepomuk-core-devel-4.11.5-1.mga4.x86_64.rpm: Missing signature (OK ((none)))
Can you check your mirroring ? I cant find any missing signature on primary mirror or my local mirror, so closing for now
Figured it out. I had to run urpmi --clean to get the signed versions copied from my local repo. Thanks!