Ok, the issue was PEBKAC
So we now have Fedora-Cloud-Base-Rawhide-20220314.n.0 but it still has fc36
bash, but the signature seems correct:
[fedora@ip-172-31-31-119 ~]$ rpm -q bash
bash-5.1.16-2.fc36.aarch64
[fedora@ip-172-31-31-119 ~]$ rpm -qi bash | grep '^Signature'
Signature : RSA/SHA256, Wed 09 Feb 2022 02:13:17 AM UTC, Key ID
f55ad3fb5323552a
Restarted your test:
HTH,
/M
On Tue, Mar 15, 2022 at 12:24 AM Miroslav Vadkerti <mvadkert(a)redhat.com>
wrote:
Unfortunately we were not able to find a working newer Rawhide
image:
https://pagure.io/cloud-sig/issue/372
So we are blocked until this is resolved.
Best regards,
/M
On Mon, Mar 14, 2022 at 12:09 PM Miroslav Vadkerti <mvadkert(a)redhat.com>
wrote:
> Hi,
>
> We have a fairly old rawhide image due to
>
>
https://pagure.io/fedora-infrastructure/issue/10532
>
> I am updating it today manually and will restart your job afterwards.
>
> HTH,
> /M
>
> On Mon, Mar 14, 2022 at 12:01 PM Jan Pazdziora <jpazdziora(a)redhat.com>
> wrote:
>
>>
>> Hello,
>>
>> my Fedora 37 update
>>
>>
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ea61708c2d
>>
>> runs a gating test
>>
>>
>>
https://osci-jenkins-1.ci.fedoraproject.org/job/fedora-ci/job/dist-git-pi...
>>
>> In the test we check if the tool (rpm2swidtag) generates the correct
>> SWID tags, and one of the things that it checks is the match between
>> the distribution and the signatures used on the packages.
>>
>> However, the output of the gating test shows that the
>>
>> rpm -qi bash | grep '^Signature'
>>
>> command produces
>>
>> + rpm -qi bash
>> + grep '^Signature'
>> Signature : RSA/SHA256, Wed 19 Jan 2022 10:50:42 PM UTC, Key
>> ID 999f7cbf38ab71f4
>>
>> which is exactly the same that the Fedora 36 job shows in
>>
>>
>>
https://osci-jenkins-1.ci.fedoraproject.org/job/fedora-ci/job/dist-git-pi...
>>
>> but it's not the key with which for example the package in the Fedora
>> rawhide container is signed:
>>
>> $ podman run --rm
registry.fedoraproject.org/fedora:rawhide rpm
>> -qi bash | grep '^Signature'
>> Signature : RSA/SHA256, Wed Feb 9 02:13:15 2022, Key ID
>> f55ad3fb5323552a
>>
>> Note that the container still has the .fc36 build
>>
>> $ podman run --rm
registry.fedoraproject.org/fedora:rawhide rpm
>> -q bash
>> bash-5.1.16-2.fc36.x86_64
>>
>> but its signature matches the rawhide (and future Fedora 37) key.
>>
>> It seems the environment used to run the tests for Fedora 37 has
>> /etc/os-release which says Fedora 37 but at the same time the packages
>> are not signed with the respective key, even if those signatures are
>> already available as shown by the rawhide compose image.
>>
>> Is this expected or a bug?
>>
>> --
>> Jan Pazdziora
>> Product Owner, Platform Security Readiness, Red Hat
>> _______________________________________________
>> CI mailing list -- ci(a)lists.fedoraproject.org
>> To unsubscribe send an email to ci-leave(a)lists.fedoraproject.org
>> Fedora Code of Conduct:
>>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>>
https://lists.fedoraproject.org/archives/list/ci@lists.fedoraproject.org
>> Do not reply to spam on the list, report it:
>>
https://pagure.io/fedora-infrastructure
>>
>
>
> --
> Miroslav Vadkerti :: Senior Principal QE :: Testing Farm / Linux QE
> IRC mvadkert #tft #tmt #osci :: Mobile +420 773 944 252
> Remote Czech Republic :: Red Hat Czech s.r.o
>
>
>
--
Miroslav Vadkerti :: Senior Principal QE :: Testing Farm / Linux QE
IRC mvadkert #tft #tmt #osci :: Mobile +420 773 944 252
Remote Czech Republic :: Red Hat Czech s.r.o
--
Miroslav Vadkerti :: Senior Principal QE :: Testing Farm / Linux QE
IRC mvadkert #tft #tmt #osci :: Mobile +420 773 944 252
Remote Czech Republic :: Red Hat Czech s.r.o