So we are blocked until this is resolved.
Best regards,
/M
On Mon, Mar 14, 2022 at 12:09 PM Miroslav Vadkerti <mvadkert(a)redhat.com>
wrote:
Hi,
We have a fairly old rawhide image due to
https://pagure.io/fedora-infrastructure/issue/10532
I am updating it today manually and will restart your job afterwards.
HTH,
/M
On Mon, Mar 14, 2022 at 12:01 PM Jan Pazdziora <jpazdziora(a)redhat.com>
wrote:
>
> Hello,
>
> my Fedora 37 update
>
>
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ea61708c2d
>
> runs a gating test
>
>
>
https://osci-jenkins-1.ci.fedoraproject.org/job/fedora-ci/job/dist-git-pi...
>
> In the test we check if the tool (rpm2swidtag) generates the correct
> SWID tags, and one of the things that it checks is the match between
> the distribution and the signatures used on the packages.
>
> However, the output of the gating test shows that the
>
> rpm -qi bash | grep '^Signature'
>
> command produces
>
> + rpm -qi bash
> + grep '^Signature'
> Signature : RSA/SHA256, Wed 19 Jan 2022 10:50:42 PM UTC, Key ID
> 999f7cbf38ab71f4
>
> which is exactly the same that the Fedora 36 job shows in
>
>
>
https://osci-jenkins-1.ci.fedoraproject.org/job/fedora-ci/job/dist-git-pi...
>
> but it's not the key with which for example the package in the Fedora
> rawhide container is signed:
>
> $ podman run --rm
registry.fedoraproject.org/fedora:rawhide rpm
> -qi bash | grep '^Signature'
> Signature : RSA/SHA256, Wed Feb 9 02:13:15 2022, Key ID
> f55ad3fb5323552a
>
> Note that the container still has the .fc36 build
>
> $ podman run --rm
registry.fedoraproject.org/fedora:rawhide rpm
> -q bash
> bash-5.1.16-2.fc36.x86_64
>
> but its signature matches the rawhide (and future Fedora 37) key.
>
> It seems the environment used to run the tests for Fedora 37 has
> /etc/os-release which says Fedora 37 but at the same time the packages
> are not signed with the respective key, even if those signatures are
> already available as shown by the rawhide compose image.
>
> Is this expected or a bug?
>
> --
> Jan Pazdziora
> Product Owner, Platform Security Readiness, Red Hat
> _______________________________________________
> CI mailing list -- ci(a)lists.fedoraproject.org
> To unsubscribe send an email to ci-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedoraproject.org/archives/list/ci@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
>
https://pagure.io/fedora-infrastructure
>
--
Miroslav Vadkerti :: Senior Principal QE :: Testing Farm / Linux QE
IRC mvadkert #tft #tmt #osci :: Mobile +420 773 944 252
Remote Czech Republic :: Red Hat Czech s.r.o
--
Miroslav Vadkerti :: Senior Principal QE :: Testing Farm / Linux QE
IRC mvadkert #tft #tmt #osci :: Mobile +420 773 944 252
Remote Czech Republic :: Red Hat Czech s.r.o