Bug 1008430 - different "Signing Key:" on 5.5.0 and 5.6.0
different "Signing Key:" on 5.5.0 and 5.6.0
Status: NEW
Product: Red Hat Satellite 5
Classification: Red Hat
Component: WebUI (Show other bugs)
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: Tomas Lestach
Red Hat Satellite QA List
Depends On:
Blocks: sat560-triage
  Show dependency treegraph
Reported: 2013-09-16 07:06 EDT by Jan Hutař
Modified: 2015-08-10 15:44 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
custom rpm I have used (323.86 KB, application/octet-stream)
2013-09-16 07:06 EDT, Jan Hutař
no flags Details

  None (edit)
Description Jan Hutař 2013-09-16 07:06:08 EDT
Created attachment 798228 [details]
custom rpm I have used

Description of problem:
I have pushed one package to two satellites and it have different "Signing Key:" on 5.5.0 and 5.6.0.

Version-Release number of selected component (if applicable):

How reproducible:
1 of 1

Steps to Reproduce:
1. Take attached package and push it to satellites 5.5.0 and 5.6.0
2. Look at webUI to this package details

Actual results:
5.5.0: Signing Key:	0252331999000a09
5.6.0: Signing Key:	1054b7a24bd6ec30

Expected results:
"Signing Key:" should match.

Additional info:
I have been testing bug 838705 when I have seen this - maybe could be connected?

I have tried with different package and "Signing Key:" matches

How I have signed the package:
$ gpg2 --gen-key
gpg (GnuPG) 2.0.19; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Example Key for RPM Book
Email address: jhutar@redhat.com
Comment: Example Key for RPM Book
You selected this USER-ID:
    "Example Key for RPM Book (Example Key for RPM Book) <jhutar@redhat.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 8FAE20CA marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0  valid:   4  signed:   3  trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: depth: 1  valid:   3  signed:   1  trust: 0-, 0q, 0n, 2m, 1f, 0u
gpg: next trustdb check due at 2013-10-08
pub   2048R/8FAE20CA 2013-09-13
      Key fingerprint = 0B84 0FD8 8D50 E1B6 165E  ABB7 C3DB 0329 8FAE 20CA
uid                  Example Key for RPM Book (Example Key for RPM Book) <jhutar@redhat.com>

Note that this key cannot be used for encryption.  You may want to use
the command "--edit-key" to generate a subkey for this purpose.
$ cat .rpmmacros
%_signature pgp
%_gpg_name Example Key for RPM Book
%_gpg_path /home/pok/.gnupg/
$ rpm --resign rpmbuild/RPMS/x86_64/pragha-1.1.1-3.fc19.jhutar.x86_64.rpm
Enter pass phrase: 
Pass phrase is good.
$ rpm --checksig rpmbuild/RPMS/x86_64/pragha-1.1.1-3.fc19.jhutar.x86_64.rpm
rpmbuild/RPMS/x86_64/pragha-1.1.1-3.fc19.jhutar.x86_64.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#8fae20ca)
Comment 3 Jan Hutař 2013-09-16 07:29:47 EDT
RPM have this:

$ rpm -Kv rpmbuild/RPMS/x86_64/pragha-1.1.1-3.fc19.jhutar.x86_64.rpm 
    Header V4 RSA/SHA1 Signature, key ID 8fae20ca: NOKEY
    Header SHA1 digest: OK (17220397b416ddff8d549aeb2f2dc601c0b2caad)
    V4 RSA/SHA1 Signature, key ID 8fae20ca: NOKEY
    MD5 digest: OK (b9961e922505c04dbe6bda0d196cc3bb)
Comment 4 Tomas Lestach 2013-09-16 07:33:09 EDT
After importing attached package to my machine, I see:

Signing Key:	c3db03298fae20ca
and it was detected as *gpg* package key type.
Comment 5 Tomas Lestach 2013-09-16 07:37:11 EDT
We agreed with Milan that it seems that backend/rhnpush does not correctly parse this type of signature. We need to start support pgp signatures to resolve this BZ/RFE.

Not a regression.

Note You need to log in before you can comment on or make changes to this bug.