Upstream has released versions 1.7.11 and 1.18.3 on June 1, fixing a security issue:
Mageia 8 is also affected.
Fixed upstream in 1.17.11Whiteboard:
openSUSE has issued an advisory for this on June 7:
1.7.11 pushed to updates_testing
1.18.3 pusshed to cauldron.
Fixed upstream in 1.17.11 =>
Problem while updating:
golang-tests-1.17.11-1.mga8.noarch.rpm: Missing signature (OK ((none)))
Do you wnat to continue installation?
I think it's the same issue as last time. Maybe the fact that the package is named test prevent signature to happen correctly (just guessing).
Last time when moving to prod, it wasn't a problem anymore. So maybe for your validation you can say yes in order to install it. Anyway that package won't be tested by the docker rebuild ;-) (so you may even not update it
Either that or a build system issue. I've asked for it to be removed and resubmitted. I think I did the same thing last time.
OK, thanks. Shall go ahead without the test package.
urpme'd the existing testing package and installed the rest from qarepo.
Checked out docker from SVN and built a local version using the tried and tested procedure - see bug 30362 etc.
Build requires seemed to be up-to-date and bm proceeded smoothly.
The installed system version is docker-20.10.14-3.mga8 and
$ urpmq -i docker
lists up to 20.10.14.
The test build is 20.10.16-1.
$ cd ~/dev/docker/RPMS/x86_64
Assuming this is OK.
We still need to make sure that golang-tests is properly signed.
The entire list of packages will need to be retested once the signature
issue is fixed. Downgrade and reinstall the update after it's fixed.
The rebuild that fixes the signature for the golang-tests package might
cause a problem with another package from the same srpm such as a missing
signature. Unlikely, but without testing we won't know.
golang-tests-1.17.11-1.mga8 re-signed on primary mirror
Thanks - I shall catch up with it tomorrow.
Tests are still valid...tmb didn't rebuild it, just signed the one unsigned rpm.
I'm going to hope that something has been noted somewhere so that this issue doesn't come up in the next golang update.
Moved to another machine and repeated the whole process. No certificate problems this time and the test rebuild went fine.
An update for this issue has been pushed to the Mageia Updates repository.