Re: RPM Sequoia crypto breaks RPM
On 11/10/22 15:05, Miro Hrončok wrote:
Hello Panu, Copr folks,
In
https://copr.fedorainfracloud.org/coprs/ksurma/docutils-0.19/build/5030501/
We see:
Error: Transaction test error:
package python3-pytest-7.1.3-1.fc38.noarch does not verify: Header
RSA signature: BAD (package tag 268: invalid OpenPGP signature)
package python3-docutils-0.19-1.fc38.noarch does not verify: Header
RSA signature: BAD (package tag 268: invalid OpenPGP signature)
Those are packages built in the copr.
Okay, AFAICS those would be
https://download.copr.fedorainfracloud.org/results/ksurma/docutils-0.19/f...
and
https://download.copr.fedorainfracloud.org/results/ksurma/docutils-0.19/f...
They are not the usual SHA1 case, both are RSA/SHA256 signed so this
looks like an actual bug. Please report on bugzilla so it gets properly
tracked and we have a place to direct people to.
- Panu -