Unsigned Source RPMs in LemonLDAP::NG Extras Repository for RHEL 8 #6

Open
HSalhii opened this issue Dec 15, 2024 · 1 comment

HSalhii commented Dec 15, 2024

Description of the Issue

While attempting to download and install lasso source RPMs from the LemonLDAP::NG Extras repository on RHEL 8, I encountered an issue where several packages are being removed due to missing GPG signatures. This prevents successful installation. Below are the details.

System Information

  • OS Version: RHEL 8
  • Repository: LemonLDAP::NG Extras
  • Installed Public Key: GPG-KEY-LLNG-SECURITY.asc

Error Log

(52/57): lasso-2.8.0-1.el8.src.rpm              1.2 MB/s | 3.8 MB     00:03
(53/57): lasso-2.6.1-1.el8.src.rpm              1.2 MB/s | 4.3 MB     00:03
(54/57): lasso-2.7.0-1.el8.src.rpm              1.3 MB/s | 6.0 MB     00:04
(55/57): lasso-2.8.1-1.el8.src.rpm              1.2 MB/s | 3.8 MB     00:03
(56/57): lasso-2.8.2-1.el8.src.rpm              1.2 MB/s | 3.8 MB     00:03
(57/57): lasso-2.8.2-10.el8.src.rpm             1.3 MB/s | 3.8 MB     00:02
Removing lasso-2.6.1-1.el8.src.rpm: Package lasso-2.6.1-1.el8.src.rpm is not signed
Removing lasso-2.7.0-1.el8.src.rpm: Package lasso-2.7.0-1.el8.src.rpm is not signed
Removing lasso-2.8.0-1.el8.src.rpm: Package lasso-2.8.0-1.el8.src.rpm is not signed
Removing lasso-2.8.1-1.el8.src.rpm: Package lasso-2.8.1-1.el8.src.rpm is not signed
Removing lasso-2.8.2-1.el8.src.rpm: Package lasso-2.8.2-1.el8.src.rpm is not signed
Removing lasso-2.8.2-10.el8.src.rpm: Public key for lasso-2.8.2-10.el8.src.rpm is not installed
Error: GPG signature check failed.

Steps to Reproduce

  • Add the LemonLDAP::NG Extras repository to the system.
  • Install the GPG key GPG-KEY-LLNG-SECURITY.asc.
  • Attempt to install or fetch the lasso source RPMs.
  • Observe the error logs indicating missing signatures.

Expected Behavior

The RPM packages should be properly signed and verified against the installed public key.

Actual Behavior

The packages are either unsigned or the signatures cannot be verified, resulting in their removal.

Additional Notes

The installed public key is GPG-KEY-LLNG-SECURITY.asc.
Please confirm if the provided source RPMs are expected to be signed and, if so, ensure their signatures match the provided key.

Member

coudot commented Dec 15, 2024

We don't sign source RPMs
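
The error log in the issue contains two different dnf messages: "is not signed" and "Public key for ... is not installed". The following is an added example, not part of the thread or the project's tooling, that separates the two classes from dnf output; the function names and class labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the issue thread): triage dnf GPG-check failures.

# Sample input: failure lines copied from the error log in the issue above.
sample_log() {
    cat <<'EOF'
(57/57): lasso-2.8.2-10.el8.src.rpm             1.3 MB/s | 3.8 MB     00:02
Removing lasso-2.6.1-1.el8.src.rpm: Package lasso-2.6.1-1.el8.src.rpm is not signed
Removing lasso-2.7.0-1.el8.src.rpm: Package lasso-2.7.0-1.el8.src.rpm is not signed
Removing lasso-2.8.0-1.el8.src.rpm: Package lasso-2.8.0-1.el8.src.rpm is not signed
Removing lasso-2.8.1-1.el8.src.rpm: Package lasso-2.8.1-1.el8.src.rpm is not signed
Removing lasso-2.8.2-1.el8.src.rpm: Package lasso-2.8.2-1.el8.src.rpm is not signed
Removing lasso-2.8.2-10.el8.src.rpm: Public key for lasso-2.8.2-10.el8.src.rpm is not installed
Error: GPG signature check failed.
EOF
}

# Reads dnf output on stdin and prints "<class><TAB><package file>" for each
# package dnf removed. Classes (labels chosen for this example):
#   unsigned     dnf found no signature on the package
#   missing-key  dnf found a signature but no installed key to check it with
classify_gpg_failures() {
    awk '
        /^Removing .*: Package .* is not signed$/ {
            sub(/^Removing /, ""); sub(/: .*$/, "")
            print "unsigned\t" $0; next
        }
        /^Removing .*: Public key for .* is not installed$/ {
            sub(/^Removing /, ""); sub(/: .*$/, "")
            print "missing-key\t" $0; next
        }
    '
}

# Reads dnf output on stdin and prints one line with the count per class.
summarize_gpg_failures() {
    classify_gpg_failures | awk -F '\t' '
        { n[$1]++ }
        END { printf "unsigned=%d missing-key=%d\n", n["unsigned"], n["missing-key"] }
    '
}

sample_log | classify_gpg_failures
sample_log | summarize_gpg_failures
```

For a package in the missing-key class, `rpm -Kv <file>` prints the key ID of the signature, which can be compared with the keys listed by `rpm -q gpg-pubkey`.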
