Bug 1801338
Summary: | Changes to gpgv options used in debmirror 2.33 break gpg signature verification. | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Donald Ledford <ledfordd> |
Component: | debmirror | Assignee: | Sergio Basto <sergio> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | epel7 | CC: | puiterwijk, sergio |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | debmirror-2.30-4.el7 debmirror-2.35-1.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-11-30 00:43:35 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Donald Ledford
2020-02-10 16:53:26 UTC
Sorry, I meant 2.30-1 not 2.32-1 in the above comment. Thank you for the report use mean just remove "--output -" fixes the problem ? I'm not sure that just removing "--output -" would resolve the issue. It appears the code changes between 2.30 and 2.33 added lines to dynamically change the "--status-fd" FD number at runtime. The code appears to check the gpgv STDOUT for a good signature message. If --status-fd isn't 1 or 2 the Perl code may not get the gpgv command output to check. I'm guessing that "--output -" was added so the output is always sent to STDOUT and other messages can be sent to other FD descriptors with the dynamic "--status-fd" FD option. The code change for this functionality was done in commit 3b5c84e534e52f51e0a6373223483f1130d45e3e in response to Debian bug 918304. The first release of debmirror with these changes was version 2.31. See here: https://salsa.debian.org/debian/debmirror/commit/3b5c84e534e52f51e0a6373223483f1130d45e3e and here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918304 I'll be honest, I'm not a programmer and Perl isn't a language I'm super familiar with so I'm guessing on the above analysis. I reverted the debmirror package to 2.30-1 and pinned it on my production system to work around this bug. My repos are still syncing correctly with the 2.30-1 package and GPG signature verification turned on. OK, no worries, maybe the best is rollback to debmirror-2.30 in el7 , isn't it . Thanks for the report debmirror-2.30-4.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-9d014c4edf debmirror-2.30-4.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report. (In reply to Sergio Basto from comment #2) > Thank you for the report > > use mean just remove "--output -" fixes the problem ? OK, I'm sending debmirror-2.35-1.el7 to testing with mentioned patch since I got other person which says that is working and debmirror-2.35 is need to pick up the new cnf metadata that ubuntu 20.04 requires. FEDORA-EPEL-2021-f005e1b879 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f005e1b879 FEDORA-EPEL-2021-f005e1b879 has been pushed to the Fedora EPEL 7 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f005e1b879 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-EPEL-2021-f005e1b879 has been pushed to the Fedora EPEL 7 stable repository. If problem still persists, please make note of it in this bug report. |