Bug 2232439

Summary: jq-1.6-15.el9.aarch64.rpm became unsigned in C9S development compose
Product: Red Hat Enterprise Linux 9
Reporter: Michael Ho <micho>
Component: jq
Assignee: Tomas Halman <thalman>
Status: CLOSED NOTABUG
QA Contact: sssd-qe
Severity: unspecified
Priority: unspecified
Version: CentOS Stream
CC: bstinson, jwboyer, spoore
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2023-08-17 08:34:01 UTC
Type: Bug

Description Michael Ho 2023-08-16 21:52:57 UTC
Description of problem:

In the production C9S compose [1], the jq-1.6-15.el9.aarch64.rpm is signed correctly. In the development C9S compose [2], the jq-1.6-15.el9.aarch64.rpm is now unsigned. It is also unsigned in CentOS Koji [3] now. This is problematic because it now cannot be used in GPG-enabled repos (i.e. AutoSD compose).

The rpm signatures being stripped in post seems to be a bug or unwanted modification to the rpm.

[1]: https://mirror.stream.centos.org/9-stream/AppStream/aarch64/os/Packages/jq-1.6-15.el9.aarch64.rpm
[2]: https://composes.stream.centos.org/development/latest-CentOS-Stream/compose/AppStream/aarch64/os/Packages/jq-1.6-15.el9.aarch64.rpm
[3]: https://kojihub.stream.centos.org/kojifiles/packages/jq/1.6/15.el9/aarch64/jq-1.6-15.el9.aarch64.rpm

Version-Release number of selected component (if applicable):

jq-1.6-15.el9

How reproducible:

Easy to reproduce.

Steps to Reproduce:
1. Download rpm from development compose or koji directly (see [2] or [3]
   in the description above)
2. Verify the signature with `rpm -qpi`
   rpm -qpi jq-1.6-15.el9.aarch64.rpm
3. Confirm that Signature field is empty
   e.g. Signature   : (none)

Actual results:

  Signature   : (none)

Expected results:

  Signature   : RSA/SHA256, Tue 11 Apr 2023 08:25:58 PM CEST, Key ID 05b555b38483c65d

Additional info:

Comment 1 Michael Ho 2023-08-17 08:34:01 UTC
Disregard this, the other rpms in general are unsigned in these source locations (didn't verify a report deeply enough before creating this bug).
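
The check from the reproduction steps, extended to compare a suspect package against its siblings from the same location before treating a missing signature as a regression. This is an added example, not part of the original report or any project tooling; the function names, the verdict strings and the `example-*` package names are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Print the value of the Signature field from `rpm -qpi` output on stdin.
sig_field() {
    sed -n 's/^[[:space:]]*Signature[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# Emit "package<TAB>signature" for every rpm in directory $1 (requires rpm).
# Usage: scan_dir ./Packages | triage jq-1.6-15.el9.aarch64.rpm
scan_dir() {
    for f in "$1"/*.rpm; do
        [ -e "$f" ] || continue
        printf '%s\t%s\n' "${f##*/}" "$(rpm -qpi "$f" 2>/dev/null | sig_field)"
    done
}

# Read "package<TAB>signature" lines on stdin; $1 is the suspect package.
# Verdicts: not-found, signed, no-baseline, outlier, location-unsigned.
triage() {
    awk -F '\t' -v target="$1" '
        { state = ($2 ~ /Key ID /) ? "signed" : "unsigned"
          if ($1 == target) { found = 1; tstate = state }
          else if (state == "signed") others_signed++
          else others_unsigned++ }
        END {
          if (!found) print "not-found"
          else if (tstate == "signed") print "signed"
          else if (others_signed + others_unsigned == 0) print "no-baseline"
          else if (others_signed > 0) print "outlier"
          else print "location-unsigned"
        }'
}

# Constructed sample: nothing in the location is signed (the situation in comment 1).
sample_all_unsigned() {
    printf '%s\t%s\n' \
        'jq-1.6-15.el9.aarch64.rpm' '(none)' \
        'example-a-1.0-1.el9.aarch64.rpm' '(none)' \
        'example-b-2.0-3.el9.aarch64.rpm' '(none)'
}

# Constructed sample: siblings are signed, so the suspect really stands out.
SIG='RSA/SHA256, Tue 11 Apr 2023 08:25:58 PM CEST, Key ID 05b555b38483c65d'
sample_outlier() {
    printf '%s\t%s\n' \
        'jq-1.6-15.el9.aarch64.rpm' '(none)' \
        'example-a-1.0-1.el9.aarch64.rpm' "$SIG" \
        'example-b-2.0-3.el9.aarch64.rpm' "$SIG"
}
```

A `location-unsigned` verdict means the source itself serves unsigned packages, so only an `outlier` verdict points at a change to the individual rpm.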