View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0018058 | CentOS-7 | -OTHER | public | 2021-02-10 15:41 | 2021-02-15 13:18 |
Reporter | pjwelsh | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | assigned | Resolution | open | ||
Product Version | 7.9.2009 | ||||
Summary | 0018058: altarch LTS 5.4 Kernel repo x86_64 perl-generators and perl-interpreter "--checksig" fail? | ||||
Description | Due to past package corruption issues on systems, I include an "rpm --checksig" for all packages. Recently, the centos-kernel/x86_64/Packages/{perl-generators-1.08-6.el7.noarch.rpm,perl-interpreter-5.16.3-6.el7.noarch.rpm} have been failing the check and my reposync fails as a result. So, downloading the files (from 2018) directly from http://mirror.centos.org/centos/7/updat ... /Packages/ produces the same failed key/"digests SIGNATURES NOT OK"/"NOKEY" results: $ rpm --checksig perl-generators-1.08-6.el7.noarch.rpm perl-generators-1.08-6.el7.noarch.rpm: digests SIGNATURES NOT OK [ $ rpm --checksig perl-interpreter-5.16.3-6.el7.noarch.rpm perl-interpreter-5.16.3-6.el7.noarch.rpm: digests SIGNATURES NOT OK $ rpm -v --checksig perl-interpreter-5.16.3-6.el7.noarch.rpm perl-interpreter-5.16.3-6.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 62505fe6: NOKEY Header SHA1 digest: OK V3 RSA/SHA256 Signature, key ID 62505fe6: NOKEY MD5 digest: OK $ rpm -v --checksig perl-generators-1.08-6.el7.noarch.rpm perl-generators-1.08-6.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 62505fe6: NOKEY Header SHA1 digest: OK V3 RSA/SHA256 Signature, key ID 62505fe6: NOKEY MD5 digest: OK $ rpm -qf /etc/yum.repos.d/CentOS-x86_64-kernel.repo centos-release-7-9.2009.1.el7.centos.x86_64 No other files seem affected at this point. Any idea what's going on? | ||||
Steps To Reproduce | Visit http://mirror.centos.org/altarch/7/kernel/x86_64/Packages/ and grab perl-generators-1.08-6.el7.noarch.rpm and perl-interpreter-5.16.3-6.el7.noarch.rpm (http://mirror.centos.org/altarch/7/kernel/x86_64/Packages/perl-generators-1.08-6.el7.noarch.rpm and http://mirror.centos.org/altarch/7/kernel/x86_64/Packages/perl-interpreter-5.16.3-6.el7.noarch.rpm) rpm --checksig perl-generators-1.08-6.el7.noarch.rpm rpm --checksig perl-interpreter-5.16.3-6.el7.noarch.rpm Both produce "digests SIGNATURES NOT OK" | ||||
Tags | No tags attached. | ||||
abrt_hash | |||||
URL | |||||
This is likely an altarch key issue .. let me see what key this version is signed with. | |
Any word on this "key" issue for these RPMs? Thank You. | |
This may not be related, but I've been also having issues with a couple of other packages recently. I've been noticing that a very recent set of updates to flatpak* have triggered some odd behavior with my reposync (from my log file): (1/4): flatpak-devel-1.0.9 0% [ ] 0.0 B/s | 0 B --:-- ETA ^M^Mflatpak-1.0.9-10.el7_9.x86_64. FAILED (1/4): flatpak-builder-1.0 0% [ ] 0.0 B/s | 0 B --:-- ETA ^M^Mflatpak-builder-1.0.0-10.el7_9 FAILED (1/4): flatpak-builder-1.0 0% [ ] 0.0 B/s | 0 B --:-- ETA ^M^Mflatpak-libs-1.0.9-10.el7_9.x8 FAILED (1/4): flatpak-libs-1.0.9- 0% [ ] 0.0 B/s | 0 B --:-- ETA ^M^Mflatpak-1.0.9-10.el7_9.x86_64. FAILED (1/4): flatpak-devel-1.0.9 0% [ ] 0.0 B/s | 0 B --:-- ETA ^M^Mflatpak-builder-1.0.0-10.el7_9 FAILED ... When checking what was going on, I started with the checking all of the signatures and they all pass: # rpm --checksig flatpak-* flatpak-1.0.9-10.el7_9.x86_64.rpm: rsa sha1 (md5) pgp md5 OK flatpak-builder-1.0.0-10.el7_9.x86_64.rpm: rsa sha1 (md5) pgp md5 OK flatpak-devel-1.0.9-10.el7_9.x86_64.rpm: rsa sha1 (md5) pgp md5 OK flatpak-libs-1.0.9-10.el7_9.x86_64.rpm: rsa sha1 (md5) pgp md5 OK However, on another system with this issue (all had it) I removed the flatpak files and *successfully* ran the reposync again. I was *very surprised* to see the same file names but flatpak-1.0.9-10.el7_9.x86_64.rpm was not a different *size* between the systems: [root@AAA Packages]# ll flatpak-* -rw-r--r-- 2 root root 980556 Feb 5 09:57 flatpak-1.0.9-10.el7_9.x86_64.rpm [root@BBB Packages]# ll flatpak-* -rw-r--r-- 2 root root 980548 Feb 8 13:32 flatpak-1.0.9-10.el7_9.x86_64.rpm BUT they both checkout with signature with the same name: [root@AAA Packages]# rpm -v --checksig flatpak-1.0.9-10.el7_9.x86_64.rpm flatpak-1.0.9-10.el7_9.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: OK Header SHA1 digest: OK (16c93d51701eebcf36b0d501e9601b1a3887249f) V3 RSA/SHA256 Signature, key ID f4a80eb5: OK MD5 digest: OK (6dc80874fbe2aa6650b180e6d28960f2) [root@BBB Packages]# rpm -v --checksig flatpak-1.0.9-10.el7_9.x86_64.rpm flatpak-1.0.9-10.el7_9.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: OK Header SHA1 digest: OK (16c93d51701eebcf36b0d501e9601b1a3887249f) V3 RSA/SHA256 Signature, key ID f4a80eb5: OK MD5 digest: OK (6dc80874fbe2aa6650b180e6d28960f2) But they are *NOT* the same !!??? [root@AAA Packages]# md5sum flatpak-1.0.9-10.el7_9.x86_64.rpm e26948e512b040ac08dfc6dea1fe3534 flatpak-1.0.9-10.el7_9.x86_64.rpm [root@BBB Packages]# md5sum flatpak-1.0.9-10.el7_9.x86_64.rpm 1ebad9329ac01436f42d75413bbc1366 flatpak-1.0.9-10.el7_9.x86_64.rpm And looking at the package info, the signature date is different: AAA = Signature : RSA/SHA256, Fri 05 Feb 2021 09:57:11 AM CST, Key ID 24c6a8a7f4a80eb5 BBB = Signature : RSA/SHA256, Mon 08 Feb 2021 01:32:32 PM CST, Key ID 24c6a8a7f4a80eb5 |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2021-02-10 15:41 | pjwelsh | New Issue | |
2021-02-10 17:37 | toracat | Status | new => assigned |
2021-02-10 17:53 | JohnnyHughes | Note Added: 0038239 | |
2021-02-14 14:52 | pjwelsh | Note Added: 0038245 | |
2021-02-15 13:18 | pjwelsh | Note Added: 0038247 |