Actions
Issue #9350
closedgpgkey value created for .repo file wrongly has two slashes after hostname; fails to verify signature
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 105
Quarter:
Q4-2021
Description
Noticed when adding and installing a repo build with pulp.
"Error: Failed to download metadata for repo 'mycompany-2.x-rhel-8': repomd.xml GPG signature verification error: Bad GPG signature "
Looking at the repo config
[mycompany-2.x-rhel-8]
enabled=1
baseurl=https://download.mycompany.com/2.x-rhel-8/
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://download.mycompany.com//2.x-rhel-8/repodata/repomd.xml.key
notice ^^
It seems to be constructed here: https://github.com/pulp/pulp_rpm/blob/c29fe23ccb01bb9b148a38f450fe2ede4703bae3/pulp_rpm/app/models/repository.py#L442-449
versionmap:
core: 3.14.4
rpm: 3.14.1
file: 1.8.2
deb: 2.14.1
container: 2.8.0
Related issues
Actions
Fixes edge case where gpg key location in .repo file is invalid
closes: #9350 https://pulp.plan.io/issues/9350