2053987 – RPM spec for file does not verify the GPG signature

Bug 2053987 - RPM spec for file does not verify the GPG signature

Summary: RPM spec for file does not verify the GPG signature

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	file
Sub Component:
Version:	35
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	low
Target Milestone:	---
Assignee:	Vincent Mihalkovič
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-02-13 19:11 UTC by Demi Marie Obenour
Modified:	2022-03-02 15:11 UTC (History)
CC List:	5 users (show)
Fixed In Version:	file-5.41-5.fc37
Clone Of:
Environment:
Last Closed:	2022-03-02 15:11:04 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Demi Marie Obenour 2022-02-13 19:11:37 UTC

Description of problem:
The RPM spec for file(1) does not verify the GPG signature on the
source tarball

Version-Release number of selected component (if applicable):
5.41

How reproducible:
100%

Steps to Reproduce:
1. dnf download --source file
2. Look at file.spec

Actual results:
The source tarball’s signature is not checked

Expected results:
The source tarball’s signature is checked

Additional info:

Comment 1 Vincent Mihalkovič 2022-02-16 09:16:29 UTC

Hi,
could you please be more elaborate in description of problem? If it is possible please send me some link or patch, because I do not know what is cause of mentioned error.

Comment 2 Kamil Dudka 2022-02-19 15:42:24 UTC

As I understand it, this is a request for a commit like this: https://src.fedoraproject.org/rpms/curl/c/ece67bdd

Comment 3 Vincent Mihalkovič 2022-03-02 15:11:04 UTC

dist-git commit: https://src.fedoraproject.org/rpms/file/c/69a6906f649dbf0255d71296a97b587b23f8d7bb

Note You need to log in before you can comment on or make changes to this bug.