Bug 111022

Summary: yum with gpgcheck=1 option doesn't work with some locales
Product: [Fedora] Fedora
Component: yum
Reporter: Milan Slanař <milan.slanar>
Assignee: Jeff Johnson <jbj>
Status: CLOSED UPSTREAM
Severity: medium
Priority: medium
Version: 1
CC: ledva, mitr, ondrejj
Target Milestone: ---
Target Release: ---
Keywords: Security
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-06-18 11:58:10 UTC

Description Milan Slanař 2003-11-26 15:26:36 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
I modified yum.conf by adding gpgcheck=1 to every channel.
All gpg keys are installed (rpm --import /usr/share/rhn/RPM-GPG-KEY*).
If I want to install or update some package, yum fails. With
gpgcheck=0 everything works O.K.
I have the Czech locale set (LANG=cs_CZ.UTF-8).
I found out that with some locales everything works (en_US.UTF-8, en_US,
ru_RU,...), but with other locales it fails (cs_CZ, cs_CZ.UTF-8, sk_SK).

Version-Release number of selected component (if applicable):
yum-2.0.4-2 rpm-4.2.1-0.30

How reproducible:
Always

Steps to Reproduce:
1. add gpgcheck=1 to yum.conf
2. install appropriate GPG key: rpm --import RPM-GPG-KEY-fedora (example)
3. change locale to Czech: export LC_ALL=cs_CZ.UTF-8
4. install some package: yum install some-package
    

Actual Results:
[root@veau root]# yum install alsa-utils
Gathering header information file(s) from server(s)
Server: Fedora Core 1 - i386 - Base
Server: Fedora Core 1 - i386 - FreshRPMs
Server: Fedora Core 1 - i386 - Released Updates
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
I will do the following:
[install: alsa-utils 0.9.8-1.fr.i386]
Is this ok [y/N]: y
Traceback (most recent call last):
  File "/usr/bin/yum", line 60, in ?
    yummain.main(sys.argv[1:])
  File "yummain.py", line 293, in main
  File "clientStuff.py", line 1026, in create_final_ts
  File "rpmUtils.py", line 69, in checkSig
  File "rpmUtils.py", line 85, in getSigInfo
ValueError: unpack list of wrong size
[root@veau root]#


Expected Results:
[root@veau root]# export LC_ALL=en_US.UTF-8
[root@veau root]# yum install alsa-utils
Gathering header information file(s) from server(s)
Server: Fedora Core 1 - i386 - Base
Server: Fedora Core 1 - i386 - FreshRPMs
Server: Fedora Core 1 - i386 - Released Updates
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
I will do the following:
[install: alsa-utils 0.9.8-1.fr.i386]
Is this ok [y/N]: y
Running test transaction:
Test transaction complete, Success!
alsa-utils 100 % done 1/1
Installed:  alsa-utils 0.9.8-1.fr.i386
Transaction(s) Complete
[root@veau root]#


Additional info:

I think it is a security bug because you cannot verify the gpg signature of
packages.

Comment 1 Ales Ledvinka 2003-11-29 22:13:20 UTC
(just adding self to cc)
first guess: most probably date in long format?
similar to tripwire reports and database updates?

(unset LANG should be temporary solution - temporary since rh8 ;-)

Comment 2 Seth Vidal 2004-06-10 02:25:34 UTC
That's an unrelated bug - the value error you're seeing is from a
garbage header.info - that's been fixed in yum 2.0.6 and above, I think.


Comment 3 Seth Vidal 2004-06-10 02:29:04 UTC
I may have spoken too soon, but I'd like to see this one on a newer
version of yum.


Comment 4 Jeff Johnson 2004-06-10 02:32:26 UTC
IIRC, the issue was the localization of the string thrown from
rpm-python bindings, yum zigged while rpm zagged.

The problem is resolved afaik. If not, please reopen and I'll
get the localization straightened out.

Nod, LANG=C should be adequate workaround no matter what.

Comment 5 Milan Slanař 2004-06-11 16:27:43 UTC
The bug is in FC2 also. LC_TIME is responsible.

[root@veau root]# export LC_TIME=cs_CZ.UTF-8
[root@veau root]# rpm -q yum rpm
yum-2.0.7-1.1
rpm-4.3.1-0.3
[root@veau root]# yum update bison
Získávám soubory informací o hlavičkách ze serverů
Server: Fedora Core 2 - i386 - Base
Server: Freshrpms for FC 2 - i386
Server: Fedora Core 2 - i386 - Released Updates
Server: Fedora Core 2 - i386 - Unreleased Updates
Hledám aktualizované balíčky
Stahuji potřebné hlavičky
Řeším závislosti
Závislosti vyřešeny
Provedu následující:
[aktualizovat: bison 1.875c-1.i386]
Is this ok [y/N]: y
Stahuji balíčky
Získávám bison-1.875c-1.i386.rpm
bison-1.875c-1.i386.rpm   100% |=========================| 280 kB    00:00
Traceback (most recent call last):
  File "/usr/bin/yum", line 30, in ?
    yummain.main(sys.argv[1:])
  File "/usr/share/yum/yummain.py", line 339, in main
    clientStuff.download_packages(tsInfo)
  File "/usr/share/yum/clientStuff.py", line 1224, in download_packages
    rc = rpmUtils.checkSig(rpmloc)
  File "/usr/share/yum/rpmUtils.py", line 70, in checkSig
    error, siginfo = getSigInfo(hdr)
  File "/usr/share/yum/rpmUtils.py", line 86, in getSigInfo
    sigtype, sigdate, sigid = siginfo.split(',')
ValueError: unpack list of wrong size
[root@veau root]# export LC_TIME=C
[root@veau root]# yum update bison
 
Nemohu najít pid
Získávám soubory informací o hlavičkách ze serverů
Server: Fedora Core 2 - i386 - Base
Server: Freshrpms for FC 2 - i386
Server: Fedora Core 2 - i386 - Released Updates
Server: Fedora Core 2 - i386 - Unreleased Updates
Hledám aktualizované balíčky
Stahuji potřebné hlavičky
Řeším závislosti
Závislosti vyřešeny
Provedu následující:
[aktualizovat: bison 1.875c-1.i386]
Is this ok [y/N]: y
Stahuji balíčky
Spouštím testovací transakci:
Testovací transakce hotova, úspěch!
bison 100 % done 1/2
Dokončuji aktualizaci pro bison  - 2/2
Aktualizováno:  bison 1.875c-1.i386
Transakce dokončeny
[root@veau root]#



LC_TIME=C is a workaround.
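The failure in the traceback above, as an added example (not yum's code and not posted by any commenter): a three-way unpack of `siginfo.split(',')` breaks as soon as LC_TIME puts a comma inside the date, while splitting only on the first and last comma does not. The sample strings, the field layout "<sigtype>, <date>, Key ID <hex>", the key ID and the names `parse_siginfo` and `SigInfoError` are assumptions made for illustration.

```python
# Added example, not yum's code. Sample strings are constructed and assume the
# layout "<sigtype>, <locale-formatted date>, Key ID <hex>".

class SigInfoError(ValueError):
    """Signature info could not be parsed; the caller must fail closed."""


def parse_siginfo_fragile(siginfo):
    # Same unpacking as rpmUtils.py line 86 in the traceback.
    sigtype, sigdate, sigid = siginfo.split(',')
    return sigtype.strip(), sigdate.strip(), sigid.strip()


def parse_siginfo(siginfo):
    """Split on the first and last comma only, so commas that LC_TIME puts
    inside the date stay in the date field."""
    head, sep1, rest = siginfo.partition(',')
    sigdate, sep2, sigid = rest.rpartition(',')
    if not (sep1 and sep2):
        raise SigInfoError("expected 3 fields: %r" % siginfo)
    sigtype, sigdate, sigid = head.strip(), sigdate.strip(), sigid.strip()
    if not (sigtype and sigdate and sigid.startswith("Key ID ")):
        raise SigInfoError("malformed field in %r" % siginfo)
    return sigtype, sigdate, sigid


# Constructed samples: one signature, date rendered under two LC_TIME values.
SAMPLE_C = "DSA/SHA1, Tue Nov  4 17:10:22 2003, Key ID 0123456789abcdef"
SAMPLE_CS = "DSA/SHA1, Út 4. listopad 2003, 17:10:22 CET, Key ID 0123456789abcdef"


def demo():
    """Return {locale: (fragile_parse_ok, robust_fields)} for both samples."""
    results = {}
    for name, s in (("C", SAMPLE_C), ("cs_CZ", SAMPLE_CS)):
        try:
            parse_siginfo_fragile(s)
            fragile_ok = True
        except ValueError:  # "unpack list of wrong size" on old Pythons
            fragile_ok = False
        results[name] = (fragile_ok, parse_siginfo(s))
    return results


if __name__ == "__main__":
    for locale_name, (fragile_ok, fields) in demo().items():
        print(locale_name, "fragile parse ok:", fragile_ok, "robust:", fields)
```

A caller that treats `SigInfoError` as a failed signature check keeps gpgcheck=1 usable in every locale, so users have no reason to fall back to gpgcheck=0.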


Comment 6 Seth Vidal 2004-06-11 18:02:59 UTC
I think I know how to fix this one with minimal pain.

it looks like I need to do a maintenance release of 2.0.X anyway so
this has been added to my list of items.

Thanks.


Comment 7 Seth Vidal 2004-06-23 06:26:18 UTC
ah ha,

it only happens when you have the right key installed and the package
is correctly signed in a non-en.US or C locale.

anyway - I committed a fix to cvs tonight.

Thanks for noticing this.


Comment 8 Seth Vidal 2004-07-20 13:21:02 UTC
*** Bug 128225 has been marked as a duplicate of this bug. ***

Comment 9 Milan Slanař 2004-09-10 09:28:03 UTC
Bug is fixed in release 2.0.8 by Seth Vidal on 2004-09-09.

Thanks.

No official update RPMs for FC yet.