View Issue Details

IDProjectCategoryView StatusLast Update
0017848CentOS-7-OTHERpublic2020-11-12 16:24
Reporteravij 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version7.9.2009 
Target VersionFixed in Version 
Summary0017848: base repomd.xml signature outdated
DescriptionOn a server which has had CentOS 7.8 + CR packages installed, running "yum update" after 7.9 was released yields this output:

# yum update
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 21 kB 00:00:00
 * base: ftp.funet.fi
 * epel: www.nic.funet.fi
 * extras: mirror.scaleuptech.com
 * updates: ftp.funet.fi
base/7/x86_64/signature | 811 B 00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package : centos-release-7-8.2003.0.el7.centos.x86_64 (@b)
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
base/7/x86_64/signature | 3.6 kB 00:00:00 !!!
http://ftp.funet.fi/pub/mirrors/centos.org/7.9.2009/os/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for base
Trying other mirror.
base/7/x86_64/signature | 811 B 00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package : centos-release-7-8.2003.0.el7.centos.x86_64 (@b)
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y

.. and it will eventually output:
 Gpg Keys not imported, cannot verify repomd.xml for repo base

Looking at http://mirror.centos.org/centos/7.9.2009/os/x86_64/repodata/ I see:

[TXT] repomd.xml 2020-10-29 20:03 3.6K
[TXT] repomd.xml.asc 2020-10-26 16:51 811

meaning that repomd.xml was updated at some point, but the corresponding .asc signature wasn't.
Steps To ReproduceSet repo_gpgcheck=1 in CentOS-Base.repo's [base] section, run "yum update".
TagsNo tags attached.
abrt_hash
URL

Activities

avij

avij

2020-11-12 16:06

updater   ~0037879

As expected, this is also the case on at least the Everything.iso image:

# mkdir 79
# mount -r -o loop CentOS-7-x86_64-Everything-2009.iso 79
# ls -l 79/repodata/
total 28850
-rw-r--r--. 1 root root 2994847 Oct 29 22:02 2b479c0f3efa73f75b7fb76c82687744275fff78e4a138b5b3efba95f91e099e-primary.xml.gz
-rw-r--r--. 1 root root 7474108 Oct 29 22:02 5319616dde574d636861a6e632939f617466a371e59b555cf816cf1f52f3e873-filelists.xml.gz
-rw-r--r--. 1 root root 6351994 Oct 29 22:03 6d0c3a488c282fe537794b5946b01e28c7f44db79097bb06826e1c0c88bad5ef-primary.sqlite.bz2
-rw-r--r--. 1 root root 1623852 Oct 29 22:02 845e42288d3b73a069e781b4307caba890fc168327baba20ce2d78a7507eb2af-other.xml.gz
-rw-r--r--. 1 root root 156763 Oct 29 22:03 a4e2b46586aa556c3b6f814dad5b16db5a669984d66b68e873586cd7c7253301-c7-x86_64-comps.xml.gz
-rw-r--r--. 1 root root 744670 Oct 29 22:03 cca56f3cffa18f1e52302dbfcf2f0250a94c8a37acd8347ed6317cb52c8369dc-c7-x86_64-comps.xml
-rw-r--r--. 1 root root 7508416 Oct 29 22:02 d6d94c7d406fe7ad4902a97104b39a0d8299451832a97f31d71653ba982c955b-filelists.sqlite.bz2
-rw-r--r--. 1 root root 2676918 Oct 29 22:02 ecaab5cc3b9c10fefe6be2ecbf6f9fcb437231dac3e82cab8d9d2cf70e99644d-other.sqlite.bz2
-rw-r--r--. 1 root root 3736 Oct 29 22:03 repomd.xml
-rw-r--r--. 1 root root 811 Oct 26 18:51 repomd.xml.asc
arrfab

arrfab

2020-11-12 16:13

administrator   ~0037880

Thanks for the report Anssi. I've asked Johnny to have a look and fix it
JohnnyHughes

JohnnyHughes

2020-11-12 16:24

administrator   ~0037882

New repomd.xml.asc are pushed to the mirrors.

Issue History

Date Modified Username Field Change
2020-11-12 15:53 avij New Issue
2020-11-12 16:06 avij Note Added: 0037879
2020-11-12 16:13 arrfab Status new => acknowledged
2020-11-12 16:13 arrfab Note Added: 0037880
2020-11-12 16:24 JohnnyHughes Status acknowledged => resolved
2020-11-12 16:24 JohnnyHughes Resolution open => fixed
2020-11-12 16:24 JohnnyHughes Note Added: 0037882