Bug 2053987 - RPM spec for file does not verify the GPG signature
Summary: RPM spec for file does not verify the GPG signature
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: file
Version: 35
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
Assignee: Vincent Mihalkovič
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-02-13 19:11 UTC by Demi Marie Obenour
Modified: 2022-03-02 15:11 UTC (History)
5 users (show)

Fixed In Version: file-5.41-5.fc37
Clone Of:
Environment:
Last Closed: 2022-03-02 15:11:04 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Demi Marie Obenour 2022-02-13 19:11:37 UTC
Description of problem:
The RPM spec for file(1) does not verify the GPG signature on the
source tarball

Version-Release number of selected component (if applicable):
5.41

How reproducible:
100%

Steps to Reproduce:
1. dnf download --source file
2. Look at file.spec

Actual results:
The source tarball’s signature is not checked

Expected results:
The source tarball’s signature is checked

Additional info:

Comment 1 Vincent Mihalkovič 2022-02-16 09:16:29 UTC
Hi,
could you please be more elaborate in description of problem? If it is possible please send me some link or patch, because I do not know what is cause of mentioned error.

Comment 2 Kamil Dudka 2022-02-19 15:42:24 UTC
As I understand it, this is a request for a commit like this: https://src.fedoraproject.org/rpms/curl/c/ece67bdd

Comment 3 Vincent Mihalkovič 2022-03-02 15:11:04 UTC
dist-git commit: https://src.fedoraproject.org/rpms/file/c/69a6906f649dbf0255d71296a97b587b23f8d7bb


Note You need to log in before you can comment on or make changes to this bug.