View Issue Details

IDProjectCategoryView StatusLast Update
0016934CentOS-8dockerpublic2020-01-20 00:38
Reporterprv100 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version8.1.1911 
Target VersionFixed in Version 
Summary0016934: first dnf install works, others return GPG check FAILED
DescriptionAfter a successful installation of some packages (ej.: "man"), subsequent installations fails due to wrong key.
Steps To Reproduce# Run "dnf install -y man", then try to install/reinstall any package

[root@7053ea15d4e1 /]# dnf install -y man
Failed to set locale, defaulting to C.UTF-8
CentOS-8 - AppStream 8.3 MB/s | 5.8 MB 00:00
CentOS-8 - Base 8.6 MB/s | 4.0 MB 00:00
CentOS-8 - Extras 13 kB/s | 2.1 kB 00:00
Dependencies resolved.
=================================================================================================================
 Package Architecture Version Repository Size
=================================================================================================================
Installing:
 man-db x86_64 2.7.6.1-17.el8 BaseOS 887 k
Installing dependencies:
 groff-base x86_64 1.22.3-18.el8 BaseOS 1.0 M
 libpipeline x86_64 1.5.0-2.el8 BaseOS 54 k

Transaction Summary
=================================================================================================================
Install 3 Packages

Total download size: 1.9 M
Installed size: 6.1 M
Downloading Packages:
(1/3): libpipeline-1.5.0-2.el8.x86_64.rpm 1.1 MB/s | 54 kB 00:00
(2/3): man-db-2.7.6.1-17.el8.x86_64.rpm 8.2 MB/s | 887 kB 00:00
(3/3): groff-base-1.22.3-18.el8.x86_64.rpm 8.7 MB/s | 1.0 MB 00:00
-----------------------------------------------------------------------------------------------------------------
Total 9.4 MB/s | 1.9 MB 00:00
warning: /var/cache/dnf/BaseOS-f6a80ba95cf937f2/packages/groff-base-1.22.3-18.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS-8 - Base 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
 Userid : "CentOS (CentOS Official Signing Key) <security@centos.org>"
 Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing : 1/1
  Installing : libpipeline-1.5.0-2.el8.x86_64 1/3
  Running scriptlet: libpipeline-1.5.0-2.el8.x86_64 1/3
  Installing : groff-base-1.22.3-18.el8.x86_64 2/3
  Running scriptlet: man-db-2.7.6.1-17.el8.x86_64 3/3
  Installing : man-db-2.7.6.1-17.el8.x86_64 3/3
  Running scriptlet: man-db-2.7.6.1-17.el8.x86_64 3/3
  Verifying : groff-base-1.22.3-18.el8.x86_64 1/3
  Verifying : libpipeline-1.5.0-2.el8.x86_64 2/3
  Verifying : man-db-2.7.6.1-17.el8.x86_64 3/3

Installed:
  man-db-2.7.6.1-17.el8.x86_64 groff-base-1.22.3-18.el8.x86_64 libpipeline-1.5.0-2.el8.x86_64

Complete!
[root@7053ea15d4e1 /]# dnf reinstall -y man
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:00:12 ago on Thu Jan 16 13:46:00 2020.
Dependencies resolved.
=================================================================================================================
 Package Architecture Version Repository Size
=================================================================================================================
Reinstalling:
 man-db x86_64 2.7.6.1-17.el8 BaseOS 887 k

Transaction Summary
=================================================================================================================

Total download size: 887 k
Installed size: 2.0 M
Downloading Packages:
man-db-2.7.6.1-17.el8.x86_64.rpm 8.2 MB/s | 887 kB 00:00
-----------------------------------------------------------------------------------------------------------------
Total 1.9 MB/s | 887 kB 00:00
warning: /var/cache/dnf/BaseOS-f6a80ba95cf937f2/packages/man-db-2.7.6.1-17.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS-8 - Base 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
 Userid : "CentOS (CentOS Official Signing Key) <security@centos.org>"
 Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Import of key(s) didn't help, wrong key(s)?
Public key for man-db-2.7.6.1-17.el8.x86_64.rpm is not installed. Failing package is: man-db-2.7.6.1-17.el8.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
TagsNo tags attached.

Activities

jeffparsons

jeffparsons

2020-01-19 23:43

reporter   ~0036069

Here's another issue from a while ago that looks vaguely related:
https://bugs.centos.org/view.php?id=16655

I also found this comment on GitHub that hints at even more vaguely related scary Docker filesystem issues, and offers a workaround:
https://github.com/CentOS/sig-cloud-instance-images/issues/151#issuecomment-542851657

> \@rp42 thats a known issue. a workaround is to call `touch /var/lib/rpm/*` as first command

Applying that workaround solves the issue for me -- at least in the minimal repro of `yum install -y man && yum reinstall -y man`. (Still waiting on CI results for "the rest of my stuff that was broken by this".)

I'd really like to understand this better. My very loose understanding at this point is that the filesystems used by Docker (overlay*) do all kinds of bananas things that break perfectly reasonable assumptions made by parts of Centos, and so the Centos Docker images gradually accumulate workarounds that let users mostly ignore the crazy stuff going on underneath. Does that match other people's understandings of the overall situation? :)
jeffparsons

jeffparsons

2020-01-20 00:38

reporter   ~0036070

Quick update: the workaround I posted above does _not_ actually solve the problem. It allows my the Docker image I use for everything else to build fine again, but then all Docker images that extend it have the same problem again, even if I run that `touch ...` hack as their first command.

I guess that was a little optimistic...

Issue History

Date Modified Username Field Change
2020-01-16 13:50 prv100 New Issue
2020-01-19 23:43 jeffparsons Note Added: 0036069
2020-01-20 00:38 jeffparsons Note Added: 0036070