| Summary: | Release openshift3/image-inspector 2.1 | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Federico Simoncelli <fsimonce> |
| Component: | ImageStreams | Assignee: | Federico Simoncelli <fsimonce> |
| Status: | CLOSED ERRATA | QA Contact: | Wang Haoran <haowang> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 3.3.1 | CC: | aos-bugs, fsimonce, haowang, jokerman, mmccomas, tdawson |
| Target Milestone: | --- | Keywords: | Rebase |
| Target Release: | 3.3.1 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Rebase: Bug Fixes and Enhancements | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-12-01 19:28:26 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Federico Simoncelli
2016-11-28 09:10:10 UTC
Could you please rebuilt the image with the signed rpm package, the image failed the sanity test with error: gpg-pubkey (none) gpg-pubkey (none) openscap-scanner RSA/SHA256, Thu Sep 8 07:41:43 2016, Key ID 938a80caf21541eb gpg-pubkey (none) gpg-pubkey (none) openscap RSA/SHA256, Thu Sep 8 07:41:04 2016, Key ID 938a80caf21541eb (In reply to Wang Haoran from comment #1) > Could you please rebuilt the image with the signed rpm package, the image > failed the sanity test with error: > gpg-pubkey (none) gpg-pubkey (none) openscap-scanner RSA/SHA256, Thu Sep 8 > 07:41:43 2016, Key ID 938a80caf21541eb gpg-pubkey (none) gpg-pubkey (none) > openscap RSA/SHA256, Thu Sep 8 07:41:04 2016, Key ID 938a80caf21541eb Wang you're on an email thread where Troy reported that he already signed the rpms. In 2.1-1 the rpm is not signed: # docker run -ti --rm --entrypoint=/bin/bash {...}/openshift3/image-inspector:2.1-1 [root@dc0930aee2f6 /]# rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE} %{SIGPGP:pgpsig}\n' image-inspector image-inspector-2.1.0-1.el7 (none) But in the new image 2.1-2 the rpm is signed: $ docker run -ti --rm --entrypoint=/bin/bash {...}/image-inspector:2.1-2 [root@e619745d7f0f /]# rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE} %{SIGPGP:pgpsig}\n' image-inspector image-inspector-2.1.0-1.el7 RSA/SHA256, Tue Nov 29 14:34:59 2016, Key ID 199e2f91fd431d51 I am not sure if Troy forgot to update the errata with this information but anyway you should have noticed by the email thread that an image with signed rpms is available since yesterday. For reference here's the images id: {...}/openshift3/image-inspector 2.1-2 f964236eaa82 {...}/openshift3/image-inspector 2.1 44b09f38de87 {...}/openshift3/image-inspector 2.1-1 44b09f38de87 I am testing the image-inspector:2.1-2 image, but failed the sign check,
docker run -ti --rm --entrypoint=/bin/bash {...}/image-inspector:2.1-2
root@92601abef649 /]#rpm -q 'gpg-pubkey'
gpg-pubkey-fd431d51-4ae0493b
gpg-pubkey-2fa658e0-45700c69
gpg-pubkey-f21541eb-4a5233e7
gpg-pubkey-897da07a-3c979a7f
the key contains others except fd431d51 and 2fa658e0
Thank you for catching that. There was an unexpected change in the image build environment, causing rpm's to be pulled from unexpected places. That has been resolved and a new image was built. openshift3/image-inspector:2.1-3 Please try again. It passed this time. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2016:2845 |