Bug 2053987

Summary: RPM spec for file does not verify the GPG signature
Product: [Fedora] Fedora Reporter: Demi Marie Obenour <demiobenour>
Component: fileAssignee: Vincent Mihalkovič <vmihalko>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: 35CC: jkaluza, kdudka, odubaj, svashisht, vmihalko
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: file-5.41-5.fc37 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-02 15:11:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Demi Marie Obenour 2022-02-13 19:11:37 UTC
Description of problem:
The RPM spec for file(1) does not verify the GPG signature on the
source tarball

Version-Release number of selected component (if applicable):
5.41

How reproducible:
100%

Steps to Reproduce:
1. dnf download --source file
2. Look at file.spec

Actual results:
The source tarball’s signature is not checked

Expected results:
The source tarball’s signature is checked

Additional info:

Comment 1 Vincent Mihalkovič 2022-02-16 09:16:29 UTC
Hi,
could you please be more elaborate in description of problem? If it is possible please send me some link or patch, because I do not know what is cause of mentioned error.

Comment 2 Kamil Dudka 2022-02-19 15:42:24 UTC
As I understand it, this is a request for a commit like this: https://src.fedoraproject.org/rpms/curl/c/ece67bdd

Comment 3 Vincent Mihalkovič 2022-03-02 15:11:04 UTC
dist-git commit: https://src.fedoraproject.org/rpms/file/c/69a6906f649dbf0255d71296a97b587b23f8d7bb