Hello,
I'm testing libdnf plugin and as part of the tests, I want to install some packages from the current Fedora-configured repositories.
However, looking at
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenki...
repository
Problem repository: [koji-f30-build] baseurl: [https://kojipkgs.fedoraproject.org/repos/f30-build/latest/x86_64/]
is enabled with
gpgcheck: 1 and gpgkey: []
but rpms in that repository are not signed, as mentioned by microdnf in
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenki...
Downloading packages... error: package info-6.6-1.fc30.x86_64 cannot be verified and repo koji-f30-build is GPG enabled: package not signed: info-6.6-1.fc30.x86_64.rpm
(Looking at the /tmp/package-test.sh outputs in both cases.)
Shouldn't the repositories in Fedora CI environments be configured with gpgcheck: 0 if the packages in
https://kojipkgs.fedoraproject.org/repos/*-build/latest/*/
are not signed?
On Wed, Jun 05, 2019 at 01:26:39PM +0200, Jan Pazdziora wrote:
Hello,
I'm testing libdnf plugin and as part of the tests, I want to install some packages from the current Fedora-configured repositories.
However, looking at
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenki...
repository
Problem repository: [koji-f30-build] baseurl: [https://kojipkgs.fedoraproject.org/repos/f30-build/latest/x86_64/]
is enabled with
gpgcheck: 1 and gpgkey: []
but rpms in that repository are not signed, as mentioned by microdnf in
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenki...
Downloading packages... error: package info-6.6-1.fc30.x86_64 cannot be verified and repo koji-f30-build is GPG enabled: package not signed: info-6.6-1.fc30.x86_64.rpm
(Looking at the /tmp/package-test.sh outputs in both cases.)
Shouldn't the repositories in Fedora CI environments be configured with gpgcheck: 0 if the packages in
https://kojipkgs.fedoraproject.org/repos/*-build/latest/*/
are not signed?
To maybe rephrase the question: where are the repositories for Fedora CI environments configured?
Hi,
On Mon, Jun 10, 2019 at 10:28 AM Jan Pazdziora jpazdziora@redhat.com wrote:
On Wed, Jun 05, 2019 at 01:26:39PM +0200, Jan Pazdziora wrote:
Hello,
I'm testing libdnf plugin and as part of the tests, I want to install some packages from the current Fedora-configured repositories.
However, looking at
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenki...
repository
Problem repository: [koji-f30-build] baseurl: [https://kojipkgs.fedoraproject.org/repos/f30-build/latest/x86_64/]
is enabled with
gpgcheck: 1and gpgkey: []
but rpms in that repository are not signed, as mentioned by microdnf in
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenki...
Downloading packages... error: package info-6.6-1.fc30.x86_64 cannot be verified and repokoji-f30-build is GPG enabled: package not signed: info-6.6-1.fc30.x86_64.rpm
(Looking at the /tmp/package-test.sh outputs in both cases.)
Shouldn't the repositories in Fedora CI environments be configured with gpgcheck: 0 if the packages in
https://kojipkgs.fedoraproject.org/repos/*-build/latest/*/are not signed?
To maybe rephrase the question: where are the repositories for Fedora CI environments configured?
Hmm, I believe we are not fiddling with Fedora repos, so the answer should be: what comes with Fedora's cloud image.
@bgoncalv am I right here?
/M
-- Jan Pazdziora Senior Principal Software Engineer, Security Engineering, Red Hat _______________________________________________ CI mailing list -- ci@lists.fedoraproject.org To unsubscribe send an email to ci-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/ci@lists.fedoraproject.org
On Mon, Jun 10, 2019 at 10:41 AM Miroslav Vadkerti mvadkert@redhat.com wrote:
Hi,
On Mon, Jun 10, 2019 at 10:28 AM Jan Pazdziora jpazdziora@redhat.com wrote:
On Wed, Jun 05, 2019 at 01:26:39PM +0200, Jan Pazdziora wrote:
Hello,
I'm testing libdnf plugin and as part of the tests, I want to install some packages from the current Fedora-configured repositories.
However, looking at
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenkins/fedora-f30-pr-pipeline/detail/fedora-f30-pr-pipeline/119/pipeline/repository
Problem repository: [koji-f30-build] baseurl: [https://kojipkgs.fedoraproject.org/repos/f30-build/latest/x86_64/]is enabled with
gpgcheck: 1and gpgkey: []
but rpms in that repository are not signed, as mentioned by microdnf in
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenkins/fedora-f30-pr-pipeline/detail/fedora-f30-pr-pipeline/121/pipeline/ Downloading packages... error: package info-6.6-1.fc30.x86_64 cannot be verified and repo koji-f30-build is GPG enabled: package not signed: info-6.6-1.fc30.x86_64.rpm(Looking at the /tmp/package-test.sh outputs in both cases.)
Shouldn't the repositories in Fedora CI environments be configured with gpgcheck: 0 if the packages in
https://kojipkgs.fedoraproject.org/repos/*-build/latest/*/are not signed?
To maybe rephrase the question: where are the repositories for Fedora CI environments configured?
Hmm, I believe we are not fiddling with Fedora repos, so the answer should be: what comes with Fedora's cloud image.
@bgoncalv am I right here?
I think the main question is to know if the packages on repos like https://kojipkgs.fedoraproject.org/repos/f30-build/latest/x86_64/pkglist are suppose to be signed or not. If they are not suppose to be signed we need to update the CI pipeline to not check for gpgkey on this kind of repo.
/M
-- Jan Pazdziora Senior Principal Software Engineer, Security Engineering, Red Hat _______________________________________________ CI mailing list -- ci@lists.fedoraproject.org To unsubscribe send an email to ci-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/ci@lists.fedoraproject.org
-- Miroslav Vadkerti :: Principal QE :: BaseOS QE / OSCI IRC mvadkert #osci #baseosci #qe :: GPG 0x7B5B2E95 TPB-C 2C215 :: Mobile +420 773 944 252 Red Hat Czech s.r.o, Purkyňova 115, 612 00, Brno, CR
I believe they should not have been signed .... as those are not released packages ....
On Mon, Jun 10, 2019 at 10:48 AM Bruno Goncalves bgoncalv@redhat.com wrote:
On Mon, Jun 10, 2019 at 10:41 AM Miroslav Vadkerti mvadkert@redhat.com wrote:
Hi,
On Mon, Jun 10, 2019 at 10:28 AM Jan Pazdziora jpazdziora@redhat.com
wrote:
On Wed, Jun 05, 2019 at 01:26:39PM +0200, Jan Pazdziora wrote:
Hello,
I'm testing libdnf plugin and as part of the tests, I want to install some packages from the current Fedora-configured repositories.
However, looking at
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenki...
repository
Problem repository: [koji-f30-build] baseurl: [https://kojipkgs.fedoraproject.org/repos/f30-build/latest/x86_64/]
is enabled with
gpgcheck: 1and gpgkey: []
but rpms in that repository are not signed, as mentioned by microdnf in
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenki...
Downloading packages... error: package info-6.6-1.fc30.x86_64 cannot be verified andrepo koji-f30-build is GPG enabled: package not signed: info-6.6-1.fc30.x86_64.rpm
(Looking at the /tmp/package-test.sh outputs in both cases.)
Shouldn't the repositories in Fedora CI environments be configured with gpgcheck: 0 if the packages in
https://kojipkgs.fedoraproject.org/repos/*-build/latest/*/are not signed?
To maybe rephrase the question: where are the repositories for Fedora CI environments configured?
Hmm, I believe we are not fiddling with Fedora repos, so the answer
should be: what comes with Fedora's cloud image.
@bgoncalv am I right here?
I think the main question is to know if the packages on repos like https://kojipkgs.fedoraproject.org/repos/f30-build/latest/x86_64/pkglist are suppose to be signed or not. If they are not suppose to be signed we need to update the CI pipeline to not check for gpgkey on this kind of repo.
/M
-- Jan Pazdziora Senior Principal Software Engineer, Security Engineering, Red Hat _______________________________________________ CI mailing list -- ci@lists.fedoraproject.org To unsubscribe send an email to ci-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/ci@lists.fedoraproject.org
-- Miroslav Vadkerti :: Principal QE :: BaseOS QE / OSCI IRC mvadkert #osci #baseosci #qe :: GPG 0x7B5B2E95 TPB-C 2C215 :: Mobile +420 773 944 252 Red Hat Czech s.r.o, Purkyňova 115, 612 00, Brno, CR
On Mon, Jun 10, 2019 at 10:40:49AM +0200, Miroslav Vadkerti wrote:
On Mon, Jun 10, 2019 at 10:28 AM Jan Pazdziora jpazdziora@redhat.com wrote:
However, looking at
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenki...
repository
Problem repository: [koji-f30-build] baseurl: [https://kojipkgs.fedoraproject.org/repos/f30-build/latest/x86_64/]
[...]
To maybe rephrase the question: where are the repositories for Fedora CI environments configured?
Hmm, I believe we are not fiddling with Fedora repos, so the answer should be: what comes with Fedora's cloud image.
@bgoncalv am I right here?
Fedora cloud image certainly does not have repository named "koji-f30-build" configured. That has to be coming from somewhere else.
On Mon, Jun 10, 2019 at 11:07 AM Jan Pazdziora jpazdziora@redhat.com wrote:
On Mon, Jun 10, 2019 at 10:40:49AM +0200, Miroslav Vadkerti wrote:
On Mon, Jun 10, 2019 at 10:28 AM Jan Pazdziora jpazdziora@redhat.com wrote:
However, looking at
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenki...
repository
Problem repository: [koji-f30-build] baseurl: [https://kojipkgs.fedoraproject.org/repos/f30-build/latest/x86_64/]
[...]
To maybe rephrase the question: where are the repositories for Fedora CI environments configured?
Hmm, I believe we are not fiddling with Fedora repos, so the answer should be: what comes with Fedora's cloud image.
@bgoncalv am I right here?
Fedora cloud image certainly does not have repository named "koji-f30-build" configured. That has to be coming from somewhere else.
It come from https://github.com/CentOS-PaaS-SIG/ci-pipeline/blob/master/config/Dockerfile...
Just need to set gpccheck=0 there.
I'll submit a fix for it soon/
-- Jan Pazdziora | adelton at #brno, #swid Sr. Principal Software Engineer, Security Engineering, Red Hat _______________________________________________ CI mailing list -- ci@lists.fedoraproject.org To unsubscribe send an email to ci-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/ci@lists.fedoraproject.org
On Mon, Jun 10, 2019 at 11:11:29AM +0200, Bruno Goncalves wrote:
On Mon, Jun 10, 2019 at 11:07 AM Jan Pazdziora jpazdziora@redhat.com wrote:
Fedora cloud image certainly does not have repository named "koji-f30-build" configured. That has to be coming from somewhere else.
It come from https://github.com/CentOS-PaaS-SIG/ci-pipeline/blob/master/config/Dockerfile...
Just need to set gpccheck=0 there.
I'll submit a fix for it soon/
Great, thanks!
On Mon, Jun 10, 2019 at 11:15 AM Jan Pazdziora jpazdziora@redhat.com wrote:
On Mon, Jun 10, 2019 at 11:11:29AM +0200, Bruno Goncalves wrote:
On Mon, Jun 10, 2019 at 11:07 AM Jan Pazdziora jpazdziora@redhat.com wrote:
Fedora cloud image certainly does not have repository named "koji-f30-build" configured. That has to be coming from somewhere else.
It come from https://github.com/CentOS-PaaS-SIG/ci-pipeline/blob/master/config/Dockerfile...
Just need to set gpccheck=0 there.
I'll submit a fix for it soon/
It should be fixed now, sorry for the delay, we had some infrastructure outage yesterday that we were not able to update the container image used by the pipeline....
Great, thanks!
-- Jan Pazdziora Senior Principal Software Engineer, Security Engineering, Red Hat _______________________________________________ CI mailing list -- ci@lists.fedoraproject.org To unsubscribe send an email to ci-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/ci@lists.fedoraproject.org
-
Bruno Goncalves -
Jan Pazdziora -
Miroslav Vadkerti