Project

Profile

Help

Issue #9350

closed

gpgkey value created for .repo file wrongly has two slashes after hostname; fails to verify signature

Added by jxsxs over 3 years ago. Updated about 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 105
Quarter:
Q4-2021

Description

Noticed when adding and installing a repo build with pulp.

"Error: Failed to download metadata for repo 'mycompany-2.x-rhel-8': repomd.xml GPG signature verification error: Bad GPG signature "

Looking at the repo config


[mycompany-2.x-rhel-8]
enabled=1
baseurl=https://download.mycompany.com/2.x-rhel-8/
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://download.mycompany.com//2.x-rhel-8/repodata/repomd.xml.key
                        notice       ^^

It seems to be constructed here: https://github.com/pulp/pulp_rpm/blob/c29fe23ccb01bb9b148a38f450fe2ede4703bae3/pulp_rpm/app/models/repository.py#L442-449

versionmap:

    core: 3.14.4
    rpm: 3.14.1
    file: 1.8.2
    deb: 2.14.1
    container: 2.8.0

Related issues

Copied to RPM Support - Backport #9429: Backport #9350 "gpgkey value created for .repo file wrongly has two slashes after hostname; fails to verify signature" to 3.14.zCLOSED - CURRENTRELEASEdalley

Actions
Actions #1

Updated by dalley over 3 years ago

  • Subject changed from gpgkey value wrongly has two slashes after hostname; fails to verify signature to gpgkey value created for .repo file wrongly has two slashes after hostname; fails to verify signature
  • Triaged changed from No to Yes
  • Sprint set to Sprint 105
  • Quarter set to Q4-2021
Actions #2

Updated by dalley over 3 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to dalley
Actions #3

Updated by dalley over 3 years ago

  • Sprint/Milestone set to 3.14.4
Actions #4

Updated by dalley over 3 years ago

Can you show your configuration of the distribution, and the repository? My first attempt to reproduce is unsuccessful

gpgkey=http://pulp3-source-fedora34.localhost.example.com/pulp/content/7bb2aa32-2bfc-4b6a-8a1c-0a6ffa51b7dc/repodata/repomd.xml.key

Actions #5

Updated by dannysauer about 3 years ago

We have an empty prefix; rather than using the default /pulp, we serve from the server root. It looks to me like that empty variable might result in two adjacent slashes after the hostname when the path is reconstructed.

Actions #6

Updated by dalley about 3 years ago

That is helpful context, thanks.

Actions #7

Updated by dalley about 3 years ago

  • Sprint/Milestone changed from 3.14.4 to 3.16.0
Actions #8

Updated by dalley about 3 years ago

  • Copied to Backport #9429: Backport #9350 "gpgkey value created for .repo file wrongly has two slashes after hostname; fails to verify signature" to 3.14.z added
Actions #9

Updated by dalley about 3 years ago

I'm guessing that CONTENT_PREFIX is not actually empty, but a lone "/", as shown in the 2nd example?

In [2]: foo("origin", "", "base", "key")                                                            
Out[2]: 'origin/base/key'

In [3]: foo("origin", "/", "base", "key")                                                           
Out[3]: 'origin//base/key'

In [4]: foo("origin", "prefix", "base", "key")                                                      
Out[4]: 'origin/prefix/base/key'

In [5]: foo("origin", "/prefix/", "base", "key")                                                    
Out[5]: 'origin/prefix/base/key'

In [6]: foo("origin", "prefix/", "base", "key")                                                     
Out[6]: 'origin/prefix/base/key'
Actions #10

Updated by pulpbot about 3 years ago

  • Status changed from ASSIGNED to POST

Added by dalley about 3 years ago

Revision f5300246 | View on GitHub

Fixes edge case where gpg key location in .repo file is invalid

closes: #9350 https://pulp.plan.io/issues/9350

Actions #11

Updated by dalley about 3 years ago

  • Status changed from POST to MODIFIED
Actions #12

Updated by pulpbot about 3 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF