Bug 1741046

Summary: The com.redhat.RHEL-8.1-Beta-x86_64.swidtag is not signed
Product: Red Hat Enterprise Linux 8 Reporter: Jan Pazdziora <jpazdziora>
Component: redhat-releaseAssignee: Rashmi <rnargund>
Status: CLOSED ERRATA QA Contact: Release Test Team <release-test-team>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: ---CC: jpazdziora, lisas, pkotvan, rnargund, sct, tmlcoch
Target Milestone: rc   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-01-19 22:51:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1689193, 1693984    

Description Jan Pazdziora 2019-08-14 07:10:00 UTC 
Description of problem:

The supplemental SWID tag /usr/lib/swidtag/redhat.com/com.redhat.RHEL-8.1-Beta-x86_64.swidtag is not signed.

Version-Release number of selected component (if applicable):

redhat-release-8.1-3.1.el8.x86_64

How reproducible:

Deterministic.

Steps to Reproduce:
1. yum install -y xmlsec1-openssl
2. xmlsec1 --verify --trusted-pem /etc/pki/swid/CA/redhat.com/redhatcodesignca.cert /usr/lib/swidtag/redhat.com/com.redhat.RHEL-8.1-Beta-x86_64.swidtag

Actual results:

func=xmlSecKeysMngrGetKey:file=keys.c:line=1246:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=790:obj=unknown:subj=unknown:error=45:key is not found:details=NULL
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=503:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=341:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed: 
Error: signature failed 
ERROR
SignedInfo References (ok/all): 0/0
Manifests References (ok/all): 0/0
Error: failed to verify file "/usr/lib/swidtag/redhat.com/com.redhat.RHEL-8.1-Beta-x86_64.swidtag"

Expected results:

SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0

Additional info:
Comment 3 Rashmi 2019-09-30 14:20:38 UTC 
As described here:
https://projects.engineering.redhat.com/browse/RCM-63317?focusedCommentId=1840435&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-1840435
This seems to be an issue with the beta pkg. We have a new build of redhat-release with the GA swid tags. Could this bug be tested against the new build? Jan has confirmed that the SWID tags are properly signed for GA.
Comment 16 Lisa S 2021-01-17 01:13:20 UTC 
Jan, can this be closed?
Comment 17 Jan Pazdziora 2021-01-17 14:16:42 UTC 
Sure, especially if the VERIFIED build was pushed out.