Bug 2020678
| Summary: | [conn] reposync with installroot fails when repo_gpgcheck is True | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Drazen Kacar <drazen.kacar> |
| Component: | dnf | Assignee: | amatej |
| Status: | CLOSED ERRATA | QA Contact: | Jan Blazek <jblazek> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | | |
| Version: | 8.0 | CC: | amatej, james.antill, mbanas, pkratoch |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | dnf-4.7.0-11.el8 | Doc Type: | No Doc Update |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-11-08 10:47:20 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Description
Drazen Kacar
2021-11-05 15:46:37 UTC
Created attachment 1840208
dnf.librepo.log from installroot

I have investigated this and I believe it is not a bug.

> It seems to me that reposync attempted to fetch the GPG key file from the OS path /etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG instead of from that path inside installroot.

You are correct, this is documented in the dnf manpage installroot section:

...
cachedir, log files, releasever, and gpgkey are taken from or stored in the installroot. Gpgkeys are imported into the installroot from a path relative to the host which can be specified in the repository section of configuration files.
...

This means that it tries to load the gpg key from the host and store it inside the installroot. I think the first sentence could be confusing and there is room for improvement, but it is clarified in the second sentence.

> All those keys are imported in the respective keyrings (OS default in the OS keyring and installroot keys in the installroot keyring).

If you mean they are imported by rpm, that is only relevant to the `gpgcheck` option (so for packages). For `repo_gpgcheck` (for signed repository metadata) we actually store keys separately for each repo. Therefore the key is likely not yet imported for the pgdg14 repo.

You can verify this if you place the key into /etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG on the host and run reposync: it will ask to import it and everything will work. If you try reposync again but remove the `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG` setting from the repo config, it will continue to work because the key is already imported. I think this is not documented anywhere though, so we could fix that if you think it would be helpful.

I have created a PR with the doc update: https://github.com/rpm-software-management/dnf/pull/1833

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (dnf bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:7712
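
A pre-flight check for the behaviour discussed in this report, added here as an example (it is not code from dnf or from the participants): for each repo with `repo_gpgcheck` enabled, it reports whether a `file://` `gpgkey` exists on the host, where the thread says dnf looks for it, or only inside the installroot. The names `check_gpgkeys` and `demo` are hypothetical, and the directory tree and `.repo` file in `demo` are constructed sample data.

```python
import configparser
import os
import tempfile
from urllib.parse import unquote, urlparse

# Assumption: spellings treated as "enabled"; a global repo_gpgcheck in dnf.conf is not considered.
TRUE_VALUES = {"1", "true", "yes", "on"}

def check_gpgkeys(repo_file, installroot, host_root="/"):
    """Return (repo_id, key_path, status) for each file:// gpgkey of a repo_gpgcheck repo.

    status is "ok" (present on the host), "installroot-only" (the failure case
    in this report) or "missing". Variables such as $releasever are not expanded.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read(repo_file)
    findings = []
    for repo_id in parser.sections():
        section = parser[repo_id]
        if section.get("repo_gpgcheck", fallback="0").strip().lower() not in TRUE_VALUES:
            continue
        # gpgkey may hold several URLs separated by spaces, commas or newlines.
        for url in section.get("gpgkey", fallback="").replace(",", " ").split():
            parsed = urlparse(url)
            if parsed.scheme != "file":
                continue  # remote keys are fetched over the network, not from a root
            rel = unquote(parsed.path).lstrip("/")
            on_host = os.path.isfile(os.path.join(host_root, rel))
            in_root = os.path.isfile(os.path.join(installroot, rel))
            status = "ok" if on_host else ("installroot-only" if in_root else "missing")
            findings.append((repo_id, "/" + rel, status))
    return findings

def demo():
    """Constructed sample: the key exists only inside the installroot."""
    with tempfile.TemporaryDirectory() as tmp:
        host, root = os.path.join(tmp, "host"), os.path.join(tmp, "installroot")
        os.makedirs(host)
        os.makedirs(os.path.join(root, "etc/pki/rpm-gpg"))
        open(os.path.join(root, "etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG"), "w").close()
        repo_file = os.path.join(tmp, "pgdg.repo")
        with open(repo_file, "w") as fh:
            fh.write("[pgdg14]\nname=constructed sample\n"
                     "baseurl=https://repo.example.invalid/pgdg14\nrepo_gpgcheck=1\n"
                     "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG\n")
        return check_gpgkeys(repo_file, root, host)

if __name__ == "__main__":
    print(demo())
```

A result of `installroot-only` means the key has to be placed at the same path on the host before the first sync.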