Bug 1571264 - "ostree admin status" fails due to GPG validation error
Summary: "ostree admin status" fails due to GPG validation error
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: ostree
Version: 27
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jonathan Lebon
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-24 12:19 UTC by Martin Pitt
Modified: 2018-04-25 17:59 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-25 00:03:06 UTC
Type: Bug


Attachments (Terms of Use)

Description Martin Pitt 2018-04-24 12:19:41 UTC
Description of problem: "ostree admin status" now exits with code 1:

# ostree admin status
* fedora-atomic 931ebb3941fc49af706ac5a90ad3b5a493be4ae35e85721dabbfd966b1ecbf99.0
    Version: 27.122
    origin refspec: fedora-atomic:fedora/27/x86_64/atomic-host
error: GPG: Unable to complete signature verification: GnuPG: General error
[root@m1 ~]# echo $?
1

On previous releases, the GPG error happened as well, but looked a bit different. However, it did not cause the command to fail:

[root@m1 ~]# ostree admin status
* fedora-atomic c4015063c00515ddbbaa4c484573d38376db270b09adb22a4859faa0a39d5d93.0
    Version: 27.105
    origin refspec: fedora-atomic:fedora/27/x86_64/atomic-host
    GPG: Signature made So 25 Mär 2018 21:29:01 UTC using RSA key ID F55E7430F5282EE4
    GPG: Can't check signature: public key not found
[root@m1 ~]# echo $?
0

Of course it would actually be best to build the Fedora Atomic images in a way that it actually can verify the signature. But the previous error message was clearer, and failing this command now breaks scripts that use it.

Version-Release number of selected component (if applicable):

Fedora Atomic 27.122
ostree-2018.3-2.fc27.x86_64
rpm-ostree-2018.4-1.fc27.x86_64

How reproducible: Always


Steps to Reproduce:
1. ostree admin status

Actual results: Command exits with non-zero

Expected results: Command exits with zero

Comment 1 Colin Walters 2018-04-24 12:42:21 UTC
See https://src.fedoraproject.org/rpms/gpgme/pull-request/3

Comment 2 Jonathan Lebon 2018-04-24 12:45:35 UTC
This is very likely fixed by https://bodhi.fedoraproject.org/updates/FEDORA-2018-5b1642fbbb, but I'll double check that.

Comment 3 Jonathan Lebon 2018-04-24 12:57:19 UTC
Verified as fixed by https://bodhi.fedoraproject.org/updates/FEDORA-2018-5b1642fbbb. Will see if we can get this attached to the errata.

Comment 4 Colin Walters 2018-04-24 12:58:14 UTC
Hmm.  It's interesting that `ostree admin status` fails but `rpm-ostree status` succeeds.  We should add that to a-h-t probably.

Comment 5 Fedora Update System 2018-04-24 12:59:34 UTC
gpgme-1.10.0-4.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5b1642fbbb

Comment 6 Fedora Update System 2018-04-24 13:00:26 UTC
gpgme-1.10.0-4.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-82760371c4

Comment 7 Martin Pitt 2018-04-24 13:28:45 UTC
Any idea how I can test this?

# rpm-ostree install gpgme-1.10.0-4.fc27.x86_64.rpm 
Checking out tree 49ce221... done
Enabled rpm-md repositories: deps
rpm-md repo 'deps' (cached); generated: 2018-04-23 13:35:47

Importing metadata [=============] 100%
Resolving dependencies... Forbidden base package replacements:
  gpgme 1.9.0-6.fc27 -> 1.10.0-4.fc27 (@commandline)
failed
error: Some base packages would be replaced

Comment 8 Jonathan Lebon 2018-04-24 13:30:02 UTC
Try `rpm-ostree override replace /path/to/gpgme-1.10.0-4.fc27.x86_64.rpm`.

Comment 9 Martin Pitt 2018-04-24 13:49:57 UTC
Nice, thanks Jonathan! With the fixed gpgme, it works again:

[root@m1 ~]# ostree admin status
* fedora-atomic aac9b8830713e01a814cc2312003bb8772a42120036724b11aa753362f951cf3.0
    Version: cockpit-base.1
    origin: <unknown origin type>
  fedora-atomic 49ce2215e3438cc6afec420c6b6df17ef5533d146e96bb0582a2d8bb3f29a2c9.0 (rollback)
    Version: cockpit-base.1
    origin refspec: local:fedora/27/x86_64/atomic-host
[root@m1 ~]# echo $?
0

Comment 10 Fedora Update System 2018-04-25 00:03:06 UTC
gpgme-1.10.0-4.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Colin Walters 2018-04-25 14:38:36 UTC
For future reference, this regression was introduced by https://bodhi.fedoraproject.org/updates/gnupg2-2.2.6-1.fc27#comment-768518

Comment 12 Fedora Update System 2018-04-25 17:59:33 UTC
gpgme-1.10.0-4.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.