Bug 111022 - yum with gpgcheck=1 option doesn't work with some locales
yum with gpgcheck=1 option doesn't work with some locales
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: yum (Show other bugs)
1
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Johnson
: Security
: 128225 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-11-26 10:26 EST by Milan Slanař
Modified: 2014-01-21 17:48 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-06-18 07:58:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Milan Slanař 2003-11-26 10:26:36 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
I modified yum.conf by adding gpgcheck=1 to every channel.
All gpg keys are installed (rpm --import /usr/share/rhn/RPM-GPG-KEY*).
If I want to install or update some package, yum fails. With
gpgcheck=0 everything works O.K.
I have czech locale set (LANG=cs_CZ.UTF-8)
I find out that with some locales all works (en_US.UTF-8, en_US,
ru_RU,...), but with other locales it fails (cs_CZ, cs_CZ.UTF-8, sk_SK)

Version-Release number of selected component (if applicable):
yum-2.0.4-2 rpm-4.2.1-0.30

How reproducible:
Always

Steps to Reproduce:
1. add gpgcheck=1 to yum.conf
2. install appropriate GPG key: rpm --import RPM-GPG-KEY-fedora (example)
3. change locale to czech: export LC_ALL=cs_CZ.UTF-8
4. install some package: yum install some-package
    

Actual Results:  [root@veau root]# yum install alsa-utils
Gathering header information file(s) from server(s)
Server: Fedora Core 1 - i386 - Base
Server: Fedora Core 1 - i386 - FreshRPMs
Server: Fedora Core 1 - i386 - Released Updates
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
I will do the following:
[install: alsa-utils 0.9.8-1.fr.i386]
Is this ok [y/N]: y
Traceback (most recent call last):
  File "/usr/bin/yum", line 60, in ?
    yummain.main(sys.argv[1:])
  File "yummain.py", line 293, in main
  File "clientStuff.py", line 1026, in create_final_ts
  File "rpmUtils.py", line 69, in checkSig
  File "rpmUtils.py", line 85, in getSigInfo
ValueError: unpack list of wrong size
[root@veau root]#


Expected Results:  [root@veau root]# export LC_ALL=en_US.UTF-8
[root@veau root]# yum install alsa-utils
Gathering header information file(s) from server(s)
Server: Fedora Core 1 - i386 - Base
Server: Fedora Core 1 - i386 - FreshRPMs
Server: Fedora Core 1 - i386 - Released Updates
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
I will do the following:
[install: alsa-utils 0.9.8-1.fr.i386]
Is this ok [y/N]: y
Running test transaction:
Test transaction complete, Success!
alsa-utils 100 % done 1/1
Installed:  alsa-utils 0.9.8-1.fr.i386
Transaction(s) Complete
[root@veau root]#


Additional info:

I think it is security bug because you cannot verify gpg signature of
packages.
Comment 1 Ales Ledvinka 2003-11-29 17:13:20 EST
(just adding self to cc)
first guess: most probably date in long format?
similar to tripwire reports and database updates?

(unset LANG should be temporary solution - temporary since rh8 ;-)
Comment 2 Seth Vidal 2004-06-09 22:25:34 EDT
That's an unrelated bug - the value error you're seeing is from a
garbage header.info - that's been fixed in yum 2.0.6 and above, I think.
Comment 3 Seth Vidal 2004-06-09 22:29:04 EDT
I may have spoken too soon, but I'd like to see this one on a newer
version of yum.
Comment 4 Jeff Johnson 2004-06-09 22:32:26 EDT
IIRC, the issue was the localization of the string thrown from
rpm-python bindings, yum zigged while rpm zagged.

The problem is resolved afaik. If not, please reopen and I'll
get the localization straightened out.

Nod, LANG=C should be adequate workaround no matter what.
Comment 5 Milan Slanař 2004-06-11 12:27:43 EDT
The bug is in FC2 also. LC_TIME is responsible.

[root@veau root]# export LC_TIME=cs_CZ.UTF-8
[root@veau root]# rpm -q yum rpm
yum-2.0.7-1.1
rpm-4.3.1-0.3
[root@veau root]# yum update bison
Získávám soubory informací o hlavičkách ze serverů
Server: Fedora Core 2 - i386 - Base
Server: Freshrpms for FC 2 - i386
Server: Fedora Core 2 - i386 - Released Updates
Server: Fedora Core 2 - i386 - Unreleased Updates
Hledám aktualizované balíčky
Stahuji potřebné hlavičky
Řeším závislosti
Závislosti vyřešeny
Provedu následující:
[aktualizovat: bison 1.875c-1.i386]
Is this ok [y/N]: y
Stahuji balíčky
Získávám bison-1.875c-1.i386.rpm
bison-1.875c-1.i386.rpm   100% |=========================| 280 kB    00:00
Traceback (most recent call last):
  File "/usr/bin/yum", line 30, in ?
    yummain.main(sys.argv[1:])
  File "/usr/share/yum/yummain.py", line 339, in main
    clientStuff.download_packages(tsInfo)
  File "/usr/share/yum/clientStuff.py", line 1224, in download_packages
    rc = rpmUtils.checkSig(rpmloc)
  File "/usr/share/yum/rpmUtils.py", line 70, in checkSig
    error, siginfo = getSigInfo(hdr)
  File "/usr/share/yum/rpmUtils.py", line 86, in getSigInfo
    sigtype, sigdate, sigid = siginfo.split(',')
ValueError: unpack list of wrong size
[root@veau root]# export LC_TIME=C
[root@veau root]# yum update bison
 
Nemohu najít pid
Získávám soubory informací o hlavičkách ze serverů
Server: Fedora Core 2 - i386 - Base
Server: Freshrpms for FC 2 - i386
Server: Fedora Core 2 - i386 - Released Updates
Server: Fedora Core 2 - i386 - Unreleased Updates
Hledám aktualizované balíčky
Stahuji potřebné hlavičky
Řeším závislosti
Závislosti vyřešeny
Provedu následující:
[aktualizovat: bison 1.875c-1.i386]
Is this ok [y/N]: y
Stahuji balíčky
Spouštím testovací transakci:
Testovací transakce hotova, úspěch!
bison 100 % done 1/2
Dokončuji aktualizaci pro bison  - 2/2
Aktualizováno:  bison 1.875c-1.i386
Transakce dokončeny
[root@veau root]#



LC_TIME=C is workaround.
Comment 6 Seth Vidal 2004-06-11 14:02:59 EDT
I think I know how to fix this one with minimal pain.

it looks like I need to do a maintenance release of 2.0.X anyway so
this has been added to my list of items.

Thanks.
Comment 7 Seth Vidal 2004-06-23 02:26:18 EDT
ah ha,

it only happens when you have the right key installed and the package
is correctly signed in a non-en.US or C locale.

anyway - I committed a fix to cvs tonight.

Thanks for noticing this.
Comment 8 Seth Vidal 2004-07-20 09:21:02 EDT
*** Bug 128225 has been marked as a duplicate of this bug. ***
Comment 9 Milan Slanař 2004-09-10 05:28:03 EDT
Bug is fixed in release 2.0.8 by Seth Vidal on 2004-09-09.

Thanks.

No official updates rpms for FC yet.

Note You need to log in before you can comment on or make changes to this bug.