Bug 25084 - Update mageiasync
Summary: Update mageiasync
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA6TOO MGA6-64-OK MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-07-09 22:44 CEST by papoteur
Modified: 2019-07-11 22:51 CEST (History)
4 users (show)

See Also:
Source RPM: mageiasync
CVE:
Status comment:


Attachments

Description papoteur 2019-07-09 22:44:09 CEST
Description of problem:
Signatures for Mageia 7 are now computed in a manner that needs to specify the file to check the signature against.
Mageiasync 0.4.0 takes this into account and now the signature can be checked

Before, 0.3.7
Specify a mirror as source for Mageia 7.
Launch the synchronisation.
The verification ends by "Failed"

With 0.4.0
The verification ends with "OK" and icon for signed.
papoteur 2019-07-09 22:45:09 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 David GEIGER 2019-07-09 22:57:54 CEST
So list of packages:


Packages in 6/core/updates_testing:
========================
mageiasync-0.4.0-1.mga6.noarch.rpm

Source RPM:
========================
mageiasync-0.4.0-1.mga6.src.rpm



Packages in 7/core/updates_testing:
========================
mageiasync-0.4.0-1.mga7.noarch.rpm

Source RPM:
========================
mageiasync-0.4.0-1.mga7.src.rpm

CC: (none) => geiger.david68210

Comment 2 Dave Hodgins 2019-07-10 04:55:44 CEST
Wee need to add two srpms from Mageia 7 for the sha3-512sum to work.
sha3sum-1.1.5-1.mga7.src.rpm
lib64keccak1-1.2-1.mga7.src.rpm

They fit the exception for being needed for the mageiasync update.

Please add them as Mageia 6 packages with this update.

CC: (none) => davidwhodgins

Comment 3 papoteur 2019-07-10 11:24:33 CEST
(In reply to Dave Hodgins from comment #2)
> Wee need to add two srpms from Mageia 7 for the sha3-512sum to work.
> sha3sum-1.1.5-1.mga7.src.rpm
> lib64keccak1-1.2-1.mga7.src.rpm
> 
> They fit the exception for being needed for the mageiasync update.
> 
> Please add them as Mageia 6 packages with this update.

Hi Dave,
I don't understand what you mean.
These mageiasync release checks sha512 and md5, not the sha3-512. Thus, there is no link with sha3sum rpm.
I didn't added sha3 check because Python needs to be 3.6 to allow it, and Mageia 6 has only Python 3.5.
Papoteur
Comment 4 Dave Hodgins 2019-07-10 22:42:25 CEST
Sorry, mistook the sha512 as sha3-512. Forgot that I have to manually check
the sha3 sums. Tested on both mga6 and 7. Validating the update.

Whiteboard: MGA6TOO => MGA6TOO MGA6-64-OK MGA7-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 papoteur 2019-07-11 10:27:14 CEST
Suggested advisory
===================================
Signatures for Mageia 7 are now computed in a manner that needs to specify the file to check the signature against.
Mageiasync 0.4.0 takes this into account and now the signature can be checked.
===================================
Thomas Backlund 2019-07-11 22:01:00 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 6 Mageia Robot 2019-07-11 22:51:24 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2019-0064.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.