1390839 – repoman signing doesn't re-sign packages with given key if already signed

Bug 1390839 - repoman signing doesn't re-sign packages with given key if already signed

Summary: repoman signing doesn't re-sign packages with given key if already signed

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Repoman
Classification:	Community
Component:	Core
Sub Component:
Version:	2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	2.0
Assignee:	Sandro Bonazzola
QA Contact:	Eyal Edri
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-11-02 04:31 UTC by Sandro Bonazzola
Modified:	2017-12-14 05:07 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-12-14 05:07:41 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
oVirt gerrit	81778	0	None	None	None	2017-10-11 16:55:34 UTC

Description Sandro Bonazzola 2016-11-02 04:31:59 UTC

Description of problem:
adding rpms built in copr or fedora to ovirt repository using repoman cause the package to be imported with the original signing key instead of the given one.

This causes yum install errors on missing gpg key for copr builds using gpg signing.

Repoman should check if the rpms are signed with the given keny and re-sign if not matching.

Note You need to log in before you can comment on or make changes to this bug.