Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 2183489
Summary: | can't rpm erase, package with invalid hash lodged inside rpmdb | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ganapathi Kamath <hgkamath> |
Component: | rpm | Assignee: | Packaging Maintenance Team <packaging-team-maint> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 38 | CC: | igor.raits, mdomonko, packaging-team-maint, pmatilai, vmukhame |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2023-03-31 11:06:44 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ganapathi Kamath
2023-03-31 10:58:14 UTC
Update to latest rpm-sequoia and crypto-policies. More details in bug 2170878. *** This bug has been marked as a duplicate of bug 2170878 *** Thanks Panu LOGS [root@sirius livna]# rpm -qa >/dev/null error: rpmdbNextIterator: skipping h# 17 Header V4 DSA/SHA1 Signature, key ID a109b1ec: BAD Header SHA1 digest: OK error: rpmdbNextIterator: skipping h# 19 Header V4 DSA/SHA1 Signature, key ID a109b1ec: BAD Header SHA1 digest: OK [root@sirius livna]# rpm -q --nosignature --querybynumber 17 livna-release-1-1.noarch [root@sirius livna]# rpm -q --nosignature --querybynumber 19 libdvdcss-1.4.0-1.fc24.remi.x86_64 [root@sirius livna]# rpm -e --nosignature libdvdcss-1.4.0-1.fc24.remi.x86_64 [root@sirius livna]# rpm -e --nosignature livna-release-1-1.noarch [root@sirius livna]# [root@sirius livna]# rpm -qa >/dev/null [root@sirius livna]# rpm -q crypto-policies rpm-sequoia crypto-policies-20230301-1.gita12f7b2.fc38.noarch rpm-sequoia-1.3.0-1.fc38.x86_64 [root@sirius livna]# update-crypto-policies --show DEFAULT MISC Collecting some links here found while reading 20230217 Insecure installed RPMs (like Google Chrome) prevent system updates in F38, can't be removed https://bugzilla.redhat.com/show_bug.cgi?id=2170878 : - 20230230 Kamil Páral Third-party RPMs with an invalid signing key might cause errors during package operations https://discussion.fedoraproject.org/t/third-party-rpms-with-an-invalid-signing-key-might-cause-errors-during-package-operations/80077 - 20230227 Kamil Páral Talk: Popular third-party RPMs fail to install/update/remove due to security policies verification https://discussion.fedoraproject.org/t/talk-popular-third-party-rpms-fail-to-install-update-remove-due-to-security-policies-verification/70379/1 - 20230208 Kamil Páral Popular third-party RPMs fail to install/update/remove due to security policies verification https://discussion.fedoraproject.org/t/popular-third-party-rpms-fail-to-install-update-remove-due-to-security-policies-verification/70498 - 20230330 Rebuild to pull in cryptographic fixes for RPM https://bugzilla.redhat.com/show_bug.cgi?id=2183038 - 20230131 Kevin/Nirik error: rpmdbNextIterator: skipping in Fedora 38+ https://www.scrye.com/wordpress/nirik/2023/01/31/error-rpmdbnextiterator-skipping-in-fedora-38/ I gather there are two options a) either add SHA1 to the crypto policy b) rpm-erase the troublesome apps, and wait for the repositories to update to stronger GPG keys |