Bug 1984977 - Backport hplip-keyserver.patch from Fedora
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: hplip
Version: CentOS Stream
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: beta
Assignee: Zdenek Dohnal
QA Contact: rhel-cs-infra-services-qe
Reported: 2021-07-22 15:02 UTC by Sergey
Modified: 2021-12-08 07:46 UTC
Clone Of:
: 1985251
Last Closed: 2021-12-08 07:46:08 UTC
Type: Bug

Attachments
This patch fix 2nd issue (527 bytes, patch)
2021-07-22 15:02 UTC, Sergey
Patch from Fedora (2.34 KB, patch)
2021-07-23 08:57 UTC, Zdenek Dohnal

Description Sergey 2021-07-22 15:02:50 UTC
Created attachment 1804544
This patch fix 2nd issue

Description of problem:
1. The current version of the utility has hplip-keyserver.patch that is unnecessary nowadays. The upstream project has https://launchpadlibrarian.net/473402275/hplip-keyserver.patch for this issue.
2. The utility makes its own gpg dir with wrong permissions.


Version-Release number of selected component (if applicable): 3.18.4-9


How reproducible: always


Steps to Reproduce:
1. dnf install hplip
2. exec 'hp-plugin -i'
3. choose default options

Actual results:
You will see 'error: Unable to recieve key from keyserver'

Expected results: print DONE


Additional info:

Comment 1 Zdenek Dohnal 2021-07-23 05:30:19 UTC
Hi Sergey,

Thank you for taking the time to report this issue to us. I appreciate the feedback and use reports such as this one to guide our efforts at improving our products. That being said, this bug tracking system is not a mechanism for requesting support, and I am not able to guarantee the timeliness or suitability of a resolution.

If this issue is critical or in any way time sensitive, please raise a ticket through the regular Red Hat support channels to ensure it receives the proper attention and prioritization to assure a timely resolution.

For information on how to contact the Red Hat production support team, please visit:
    https://access.redhat.com/support

Ad issues:

1. HP upstream doesn't have a patch for the issue... the patch you pointed out I wrote for Fedora some time ago, when I found out the current solution isn't robust enough :( . The current solution works sometimes (but not today, it seems :D ) and downloading keys doesn't block the user from downloading the plugin and making your device work (if it really needs the plugin), so IMO it is not urgent.
2. Thanks for the patch for the second issue! I'll apply it in Fedora for now, and I'll see if I can fix it in RHEL/CentOS Stream.

Comment 2 Zdenek Dohnal 2021-07-23 06:56:20 UTC
I can reproduce with 'hp-plugin -i':

# hp-plugin -i
...
error: Unable to recieve key from keyserver
Do you still want to install the plug-in? (y=yes, n=no*, q=quit) ? y
...

# ls -lah ~/.hplip
total 0
drwxr-xr-x. 3 root root  20 Jul 23 01:29 .
dr-xr-x---. 6 root root 280 Jul 23 01:27 ..
drwxr-xr-x. 3 root root  39 Jul 23 01:29 .gnupg
-----------

The correct perms must be 700.
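
An added example (not part of the bug report or the hplip sources) of the check Comment 2 implies: audit a GnuPG home directory for group/other permission bits, then create or tighten it to 700. The function names and the temporary directory are assumptions made for illustration; the 755 directory is constructed to match the listing above.

```python
import os
import stat
import tempfile

PRIVATE_DIR_MODE = 0o700  # the mode Comment 2 says the directory must have


def audit_gnupg_home(path):
    """Return a list of findings for a GnuPG home directory (empty list = OK)."""
    st = os.lstat(path)  # lstat: do not follow a symlink placed at this path
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a directory"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:03o}, expected {PRIVATE_DIR_MODE:03o}")
    if st.st_uid != os.getuid():
        findings.append(f"{path}: owned by uid {st.st_uid}, not the current user")
    return findings


def ensure_private_gnupg_home(path):
    """Create the directory with 0700, or tighten an existing one we own."""
    try:
        # The umask can only clear bits from the requested mode, so a new
        # directory created here never ends up wider than 0700.
        os.mkdir(path, PRIVATE_DIR_MODE)
    except FileExistsError:
        pass
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.getuid():
        raise PermissionError(f"refusing to use {path}")
    os.chmod(path, PRIVATE_DIR_MODE)  # also repairs a pre-existing 0755 directory
    return stat.S_IMODE(os.lstat(path).st_mode)


def demo():
    """Reproduce the 0755 directory from the listing in a temp dir, then fix it."""
    with tempfile.TemporaryDirectory() as base:
        home = os.path.join(base, ".hplip", ".gnupg")  # constructed sample path
        os.makedirs(home)
        os.chmod(home, 0o755)  # constructed: same mode as shown in Comment 2
        before = audit_gnupg_home(home)
        after_mode = ensure_private_gnupg_home(home)
        return before, after_mode, audit_gnupg_home(home)


if __name__ == "__main__":
    print(demo())
```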

Comment 4 Zdenek Dohnal 2021-07-23 08:53:48 UTC
Sergey,

The ~/.hplip/.gnupg/ directory doesn't contain any private keys (hp-plugin just downloads a public key from the keyserver, which is then used during verification of the integrity and authenticity of the plugin with a digital signature), so AFAIK there isn't a security risk there.

I'll fix the permissions in Fedora, and backport keyserver.patch into RHEL 8 to have a stable way of getting the gpg key.

Comment 5 Zdenek Dohnal 2021-07-23 08:57:00 UTC
Created attachment 1804798
Patch from Fedora

Comment 7 Zdenek Dohnal 2021-12-08 07:46:08 UTC
Since the issue isn't blocking users from installing the plugin itself, I'm closing the issue as WONTFIX.

Feel free to reopen if there is a request from the regular Red Hat support channels.

