Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1801338
Summary: | Changes to gpgv options used in debmirror 2.33 break gpg signature verification. | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Donald Ledford <ledfordd> |
Component: | debmirror | Assignee: | Sergio Basto <sergio> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | epel7 | CC: | puiterwijk, sergio |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | debmirror-2.30-4.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-03-16 16:06:11 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Donald Ledford
2020-02-10 16:53:26 UTC
Sorry, I meant 2.30-1 not 2.32-1 in the above comment. Thank you for the report use mean just remove "--output -" fixes the problem ? I'm not sure that just removing "--output -" would resolve the issue. It appears the code changes between 2.30 and 2.33 added lines to dynamically change the "--status-fd" FD number at runtime. The code appears to check the gpgv STDOUT for a good signature message. If --status-fd isn't 1 or 2 the Perl code may not get the gpgv command output to check. I'm guessing that "--output -" was added so the output is always sent to STDOUT and other messages can be sent to other FD descriptors with the dynamic "--status-fd" FD option. The code change for this functionality was done in commit 3b5c84e534e52f51e0a6373223483f1130d45e3e in response to Debian bug 918304. The first release of debmirror with these changes was version 2.31. See here: https://salsa.debian.org/debian/debmirror/commit/3b5c84e534e52f51e0a6373223483f1130d45e3e and here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918304 I'll be honest, I'm not a programmer and Perl isn't a language I'm super familiar with so I'm guessing on the above analysis. I reverted the debmirror package to 2.30-1 and pinned it on my production system to work around this bug. My repos are still syncing correctly with the 2.30-1 package and GPG signature verification turned on. OK, no worries, maybe the best is rollback to debmirror-2.30 in el7 , isn't it . Thanks for the report debmirror-2.30-4.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-9d014c4edf debmirror-2.30-4.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report. |