[Bug 1224292] New: SUMA has a problem with an old key next to a new one in 15.6 - openSUSE Bugs - openSUSE Mailing Lists

newer
[Bug 1226110] After plasma upgrade...

[Bug 1224292] New: SUMA has a problem with an old key next to a new one in 15.6

older
[Bug 1225781] ansible lint...

bugzilla_noreply＠suse.com

15 May 2024 15 May '24

11:40

https://bugzilla.suse.com/show_bug.cgi?id=1224292 Bug ID: 1224292 Summary: SUMA has a problem with an old key next to a new one in 15.6 Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: lubos.kocman@suse.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- From Michael Calmer there is a problem with the 15.6 repo metadata: repomd.xml is signed, but not with the "repomd.xml.key" $> gpg --keyid-format=long --show-keys --with-fingerprint repomd.xml.key pub rsa2048/B88B2FD43DBDC284 2008-11-07 [SC] [expired: 2024-05-02] Key fingerprint = 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284 uid openSUSE Project Signing Key $> gpg --verify repomd.xml.asc gpg: assuming signed data in 'repomd.xml' gpg: Signature made Sat 11 May 2024 02:01:32 AM CEST gpg: using RSA key 35A2F86E29B700A4 I think we switched the key, but we still put the old key next to it? Who can fix this? It break testing SUSE Manager and Uyuni -- You are receiving this mail because: You are on the CC list for the bug.

Attachments:

attachment.html (text/html — 3.0 KB)

Reply

Sign in to reply online Use email software

Show replies by date

bugzilla_noreply＠suse.com

15 May 15 May

11:41

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 Lubos Kocman changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|security-team@suse.de |lubos.kocman@suse.com -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

11:53

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 https://bugzilla.suse.com/show_bug.cgi?id=1224292#c1 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lubos.kocman@suse.com, | |meissner@suse.com Assignee|lubos.kocman@suse.com |adrian.schroeter@suse.com --- Comment #1 from Marcus Meissner --- yes, repomd.xml.key seems incorrect, (old one) Adrian, the 15.6 and openSUSE:Backports:SLE15-SP6 need to have the newer keys we also used for 15.5 and 15-SP5 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

14:12

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 https://bugzilla.suse.com/show_bug.cgi?id=1224292#c2 --- Comment #2 from Adrian Schröter --- hm, the key is configured, but the public key file was missing on our main backend. Please try a rebuild for verification. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

16 May 16 May

07:07

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 Max Lin changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mlin@suse.com -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

07:36

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 https://bugzilla.suse.com/show_bug.cgi?id=1224292#c3 --- Comment #3 from Max Lin --- (In reply to Adrian Schröter from comment #2)

hm, the key is configured, but the public key file was missing on our main backend.

Please try a rebuild for verification.

that is Build695.1 and Build696.2 FYI -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

10:59

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 https://bugzilla.suse.com/show_bug.cgi?id=1224292#c4 Lubos Kocman changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS Flags| |needinfo?(mc@suse.com) CC| |mc@suse.com --- Comment #4 from Lubos Kocman --- Michael can you please confirm that issue is fixed for your team? -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

11:24

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 https://bugzilla.suse.com/show_bug.cgi?id=1224292#c5 Michael Calmer changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(mc@suse.com) | --- Comment #5 from Michael Calmer --- I still get the old key. $> curl -vvv -L -O https://download.opensuse.org/distribution/leap/15.6/repo/oss/repodata/repom... Connected to download.opensuse.org (2a07:de40:b250:131:10:151:131:30) port 443 (#0) ... * SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256 * ALPN: server accepted h2 * Server certificate: * subject: CN=mirrorcache.opensuse.org * start date: Apr 22 00:21:12 2024 GMT * expire date: Jul 21 00:21:11 2024 GMT * subjectAltName: host "download.opensuse.org" matched cert's "download.opensuse.org" * issuer: C=US; O=Let's Encrypt; CN=R3 * SSL certificate verify ok. } [5 bytes data] * using HTTP/2 * h2h3 [:method: GET] * h2h3 [:path: /distribution/leap/15.6/repo/oss/repodata/repomd.xml.key] * h2h3 [:scheme: https] * h2h3 [:authority: download.opensuse.org] * h2h3 [user-agent: curl/8.0.1] * h2h3 [accept: */*] * Using Stream ID: 1 (easy handle 0x558cd07d77e0) } [5 bytes data]

GET /distribution/leap/15.6/repo/oss/repodata/repomd.xml.key HTTP/2 Host: download.opensuse.org user-agent: curl/8.0.1 accept: */* ... < HTTP/2 200 < date: Thu, 16 May 2024 11:20:56 GMT < server: Mojolicious (Perl) < cache-control: public, max-age=231 < content-disposition: inline;filename="repomd.xml.key" < content-length: 988

Content Length of 988 is the length of the old key. The new one should have more than 1024 It also does not look like it is using a mirror. No idea what happens -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

11:25

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 https://bugzilla.suse.com/show_bug.cgi?id=1224292#c6 --- Comment #6 from Michael Calmer --- Also the Web Page show the size of the old key https://download.opensuse.org/distribution/leap/15.6/repo/oss/repodata/ -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

11:38

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 https://bugzilla.suse.com/show_bug.cgi?id=1224292#c7 --- Comment #7 from Max Lin --- (In reply to Lubos Kocman from comment #4)

Michael can you please confirm that issue is fixed for your team?

we need to publish Build696.2(with newer repo metadata has uploaded to d.o.o) in case SUMA team be able to verify it with SUSE manager or uyuni... without a publishing, the alternative options are autobuild might can verify it on build service, or do a verification on https://openqa.opensuse.org/assets/repo/openSUSE-Leap-15.6-oss-Build696.2 (the asset repo on openqa has newer repodata). -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

11:45

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 https://bugzilla.suse.com/show_bug.cgi?id=1224292#c8 --- Comment #8 from Max Lin --- $ cat ../media.1/media openSUSE - openSUSE-Leap-15.6-x86_64-aarch64-ppc64le-s390x-Build696.2-Media openSUSE-Leap-15.6-x86_64-aarch64-ppc64le-s390x-Build696.2 1 $ gpg --keyid-format=long --show-keys --with-fingerprint repomd.xml.key pub rsa2048/B88B2FD43DBDC284 2008-11-07 [SC] [expired: 2024-05-02] Key fingerprint = 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284 uid openSUSE Project Signing Key $ gpg --verify repomd.xml.asc gpg: assuming signed data in 'repomd.xml' gpg: Signature made Thu 16 May 2024 02:26:21 PM CST gpg: using RSA key 35A2F86E29B700A4 gpg: Can't check signature: No public key this is what I get from Build696.2's asset repo on openqa, it has an old key still looks likely... -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

16:11

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 https://bugzilla.suse.com/show_bug.cgi?id=1224292#c9 Adrian Schröter changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #9 from Adrian Schröter --- the new key is there now in Build696.3 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

17 May 17 May

12:51

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 https://bugzilla.suse.com/show_bug.cgi?id=1224292#c10 Michael Calmer changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |--- Status|RESOLVED |REOPENED --- Comment #10 from Michael Calmer --- Sorry, it is not fixed. https://download.opensuse.org/distribution/leap/15.6/repo/oss/repodata/ The repomd.xml* files are new deployed from yesterday May 16th. But the key file is still wrong. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

23 May 23 May

11:01

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 https://bugzilla.suse.com/show_bug.cgi?id=1224292#c11 --- Comment #11 from Michael Calmer --- distribution/ is now fixed. The problem is still present for the "update" repositories. But as there is no update released yet, it could just be that it get's fixed with the first release of an update. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠suse.com

10 Jun 10 Jun

08:04

New subject: [Bug 1224292] SUMA has a problem with an old key next to a new one in 15.6

https://bugzilla.suse.com/show_bug.cgi?id=1224292 https://bugzilla.suse.com/show_bug.cgi?id=1224292#c12 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution|--- |FIXED --- Comment #12 from Marcus Meissner --- should be fixed now. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

8

Age (days ago)

34

Last active (days ago)

Download

14 comments

1 participants

tags

participants (1)

bugzilla_noreply＠suse.com