[Bug 1036659] New: PackageKit deletes KDE:Extra repo gpg key
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659 Bug ID: 1036659 Summary: PackageKit deletes KDE:Extra repo gpg key Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Normal Priority: P5 - None Component: KDE Applications Assignee: opensuse-kde-bugs@opensuse.org Reporter: opensuse@trummer.xyz QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 723027 --> http://bugzilla.opensuse.org/attachment.cgi?id=723027&action=edit packagekit log, line 95 shows "Deleted key 20F8C4F40D210A40", which is the KDE:Extra repo key PackageKit deletes the gpg key for the KDE:Extra repo upon refreshing its cache. See also here: https://forums.opensuse.org/showthread.php/523966-PackageKit-deletes-gpg-key http://lists.opensuse.org/opensuse-factory/2017-04/msg00053.html -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659#c1
Wolfgang Bauer
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659#c2
Dominique Leuenberger
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659
Alexander van Kaam
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659
Fabian Vogt
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659#c3
Jonathan Kang
@Jonathan: I suspect the latest patch addition to be responsible here.
especially + // keys no longer stored in the rpmdb need to be removed from the zypp keyring! + for (const PublicKeyData &el : zypp->keyRing ()->trustedPublicKeyData ())
Those codes are written based on the demo provided in bug#899755 by Michael Andres. I didn't understand every piece of those codes. @Michael Could you please help take a look at this? Thanks. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659#c4
--- Comment #4 from Michael Andres
[zypp] RpmDb.cc(syncTrustedKeys):966 Going to sync trusted keys... [zypp++] RpmDb.cc(computeKeyRingSync):946 gpg-pubkey-0d210a40-581257c6 R_ ^^^^^^^^^^^^^^^^^ [zypp++] RpmDb.cc(computeKeyRingSync):946 gpg-pubkey-307e3d54-4be01a65 R_ [zypp++] RpmDb.cc(computeKeyRingSync):946 gpg-pubkey-3dbdc284-53674dd4 R_ [zypp] RpmDb.cc(syncTrustedKeys):970 Rpm keys to export into zypp trusted keyring: 3 [zypp] RpmDb.cc(syncTrustedKeys):971 Zypp trusted keys to import into rpm database: 0 [zypp] RpmDb.cc(syncTrustedKeys):977 Exporting rpm keyring into zypp trusted keyring
The initial sync finds key 0d210a40 (creation time -581257c6) int the rpm database. After import into the gpg keyring, the creation time changed to '-581257c7':
Found keys: { [20F8C4F40D210A40-581257c7] [KDE:Extra OBS Project KDE:Extra@build.opensuse.org] ^^ [B88B2FD43DBDC284-53674dd4] [openSUSE Project Signing Key
] [E3A5C360307E3D54-4be01a65] [SuSE Package Signing Key ] }
It almost looks like the key in PKs trusted zypp keyring (from a previous sync) is 1 second newer than the one now in the rpm database. This is where the trouble starts.
[zypp++] RpmDb.cc(updateIf):909 Old key in Z: gpg-pubkey-0d210a40-581257c6 [zypp++] RpmDb.cc(computeKeyRingSync):946 gpg-pubkey-0d210a40-581257c7 _Z in Zypp but not in Rpm: ^^ ^^ [zypp++] RpmDb.cc(computeKeyRingSync):946 gpg-pubkey-307e3d54-4be01a65 RZ [zypp++] RpmDb.cc(computeKeyRingSync):946 gpg-pubkey-3dbdc284-53674dd4 RZ
PKs attempt to remove ....c7 from the keyring is correct. But it also leads to removal of the older ....c6 in the rpm database, which is a zypp issue (no matter if the 1 second difference is real (2 keys) or due to rpm/zypp/gpg compute the creation time differently). Anyway, these key handling details are nothing PK should care about. I'll add some method to target->rpmDb(), which will load the rpmdb trusted keys in manner sufficient for this usecase. Then you will just have to call this methods and the details go into libzypp. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659#c8
Michael Andres
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659#c9
Michael Andres
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659#c10
Dieter Nützel
Libzypp and rpm disagreed on the keys creation time. Fixed in libzypp-16.15.2.
Can't find this version in _current_ Tumbleweed (openSUSE-release-20170810-1.4). When will this arrive? Thanks, Dieter -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659
http://bugzilla.opensuse.org/show_bug.cgi?id=1036659#c11
--- Comment #11 from Michael Andres
participants (1)
-
bugzilla_noreply@novell.com