Обсуждение: Re: Non-signed packages in PostgreSQL 14 repo for RHEL 9

Поиск
Список
Период
Сортировка

Re: Non-signed packages in PostgreSQL 14 repo for RHEL 9

От
Magnus Hagander
Дата:
Hi!

Forwarding this one to the RPM maintrainers.

//Magnus

On Wed, Apr 17, 2024 at 8:58 AM <gunnar.a.andersson@trafikverket.se> wrote:

Hi,

 

I’m not sure where to forward this to, since it’s not a bug in PostgreSQL, per se.

But I noticed that there are unsigned packages in this repository: https://download.postgresql.org/pub/repos/yum/14/redhat/rhel-9-x86_64/

I’m using reposync (reposync(1) - Linux manual page (man7.org)) to mirror the repository but it fails with –gpgcheck since there are unsigned packages.

This is the GPG key I’m using to verify the packages: https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL

Every other package in the repository is signed and works as expected.

 

Output from reposync:

(946/952): postgis33_14-devel-3.3.6-3PGDG.rhel9  23 kB/s | 8.9 kB     00:00   

(947/952): postgis33_14-client-3.3.6-3PGDG.rhel 569 kB/s | 293 kB     00:00   

(948/952): postgis33_14-3.3.6-3PGDG.rhel9.x86_6 5.6 MB/s | 4.0 MB     00:00   

(949/952): postgis33_14-gui-3.3.6-3PGDG.rhel9.x 943 kB/s | 211 kB     00:00   

(950/952): postgis33_14-docs-3.3.6-3PGDG.rhel9.  10 MB/s | 4.8 MB     00:00   

(951/952): postgis33_14-llvmjit-3.3.6-3PGDG.rhe 9.4 MB/s | 1.1 MB     00:00   

(952/952): postgis33_14-utils-3.3.6-3PGDG.rhel9 345 kB/s |  43 kB     00:00   

Removing postgis33_14-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed

Removing postgis33_14-client-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-client-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed

Removing postgis33_14-devel-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-devel-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed

Removing postgis33_14-docs-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-docs-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed

Removing postgis33_14-gui-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-gui-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed

Removing postgis33_14-llvmjit-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-llvmjit-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed

Removing postgis33_14-utils-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-utils-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed

Error: GPG signature check failed.

 

Best regards,

Gunnar Andersson,

Trafikverket


Re: Non-signed packages in PostgreSQL 14 repo for RHEL 9

От
Devrim Gündüz
Дата:

Hi,

Apologies for the inconvenience. A network issue delayed this.

Should be fixed now.

Regards, Devrim

On Wed, 2024-04-17 at 09:03 +0200, Magnus Hagander wrote:
> Hi!
>
> Forwarding this one to the RPM maintrainers.
>
> //Magnus
>
> On Wed, Apr 17, 2024 at 8:58 AM <gunnar.a.andersson@trafikverket.se>
> wrote:
>
> > Hi,
> >
> >
> >
> > I’m not sure where to forward this to, since it’s not a bug in
> > PostgreSQL,
> > per se.
> >
> > But I noticed that there are unsigned packages in this repository:
> > https://download.postgresql.org/pub/repos/yum/14/redhat/rhel-9-x86_64/
> >
> > I’m using reposync (reposync(1) - Linux manual page (man7.org)
> > <https://www.man7.org/linux/man-pages/man1/reposync.1.html>) to
> > mirror
> > the repository but it fails with –gpgcheck since there are unsigned
> > packages.
> >
> > This is the GPG key I’m using to verify the packages:
> > https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL
> >
> > Every other package in the repository is signed and works as
> > expected.
> >
> >
> >
> > Output from reposync:
> >
> > (946/952): postgis33_14-devel-3.3.6-3PGDG.rhel9  23 kB/s | 8.9 kB
> > 00:00
> >
> > (947/952): postgis33_14-client-3.3.6-3PGDG.rhel 569 kB/s | 293 kB
> > 00:00
> >
> > (948/952): postgis33_14-3.3.6-3PGDG.rhel9.x86_6 5.6 MB/s | 4.0 MB
> > 00:00
> >
> > (949/952): postgis33_14-gui-3.3.6-3PGDG.rhel9.x 943 kB/s | 211 kB
> > 00:00
> >
> > (950/952): postgis33_14-docs-3.3.6-3PGDG.rhel9.  10 MB/s | 4.8 MB
> > 00:00
> >
> > (951/952): postgis33_14-llvmjit-3.3.6-3PGDG.rhe 9.4 MB/s | 1.1 MB
> > 00:00
> >
> > (952/952): postgis33_14-utils-3.3.6-3PGDG.rhel9 345 kB/s |  43 kB
> > 00:00
> >
> > Removing postgis33_14-3.3.6-3PGDG.rhel9.x86_64.rpm: Package
> > postgis33_14-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> >
> > Removing postgis33_14-client-3.3.6-3PGDG.rhel9.x86_64.rpm: Package
> > postgis33_14-client-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> >
> > Removing postgis33_14-devel-3.3.6-3PGDG.rhel9.x86_64.rpm: Package
> > postgis33_14-devel-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> >
> > Removing postgis33_14-docs-3.3.6-3PGDG.rhel9.x86_64.rpm: Package
> > postgis33_14-docs-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> >
> > Removing postgis33_14-gui-3.3.6-3PGDG.rhel9.x86_64.rpm: Package
> > postgis33_14-gui-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> >
> > Removing postgis33_14-llvmjit-3.3.6-3PGDG.rhel9.x86_64.rpm: Package
> > postgis33_14-llvmjit-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> >
> > Removing postgis33_14-utils-3.3.6-3PGDG.rhel9.x86_64.rpm: Package
> > postgis33_14-utils-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> >
> > Error: GPG signature check failed.
> >
> >
> >
> > Best regards,
> >
> > Gunnar Andersson,
> >
> > Trafikverket
> >

--
Devrim Gündüz
Open Source Solution Architect, PostgreSQL Major Contributor
Twitter: @DevrimGunduz , @DevrimGunduzTR