On 08/11/2017 03:44 AM, Kevin Fenzi wrote:
Sadly we ran into a problem...
as soon as the new rpm was in the rawhide buildroot and builds were made with
it, things started piling up in f27-pending (the tag things land in after build
so the autosigner can sign them and move them to f27).
It seems old rpm cannot read headers of rpms made with the new version,
resulting in no signing. ;(
and untagged rpm 4.14 and all the things built after it landed in the
buildroot. Those things will need to be built again now. ;(
The full story is in https://bugzilla.redhat.com/show_bug.cgi?id=1480407
but to summarize, this is actually a bug in rpm 4.13.x, which is not
ignoring unknown signature header tags like it should; older rpm versions
are not affected. Also, the bug only affects signature checking with
rpmkeys -K, packages can still be installed and even signed without
Rpm 4.13 needs to be updated in all active Fedora versions to correctly
cope with it but that's going to take time and is not something I want
to rush. So for the time being, I've disabled generation of the
troublesome SHA256 header-only digest in 4.14 to be able to move on with
it. We'll re-enable it once the updates to older versions have been
completed, but there's no urgency to that now.
Apologies for the entirely unexpected hiccup :-/
- Panu -
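
The tolerant behaviour the message above says a reader should have (skip signature header tags it does not know instead of failing), as an added example that is not part of the original thread and is not rpm's own code. It assumes the usual rpm header layout (magic, index count, data size, 16-byte index entries) and tag numbers as in rpm's rpmtag.h; the "old reader" tag set and the sample header are constructed for illustration.

```python
import struct

HEADER_MAGIC = b"\x8e\xad\xe8\x01"   # rpm header magic + version byte
# Hypothetical set of signature tags an older reader knows about.
OLD_READER_TAGS = {62: "HEADERSIGNATURES", 269: "SHA1", 1000: "SIZE", 1004: "MD5"}
SIGTAG_SHA256 = 273                   # header-only SHA256 digest tag


def build_sig_header(entries):
    """Build a constructed signature header from (tag, type, data) tuples."""
    index, store = b"", b""
    for tag, typ, data in entries:
        index += struct.pack(">4I", tag, typ, len(store), 1)
        store += data
    intro = HEADER_MAGIC + b"\x00" * 4 + struct.pack(">2I", len(entries), len(store))
    return intro + index + store


def read_sig_tags(blob):
    """Return every tag number in the signature header index, known or not."""
    if blob[:4] != HEADER_MAGIC:
        raise ValueError("not an rpm header")
    nindex, hsize = struct.unpack(">2I", blob[8:16])
    if len(blob) < 16 + 16 * nindex + hsize:
        raise ValueError("truncated header")
    tags = []
    for i in range(nindex):
        tag, _typ, offset, _count = struct.unpack_from(">4I", blob, 16 + 16 * i)
        if offset >= hsize:
            raise ValueError("entry offset outside data store")
        tags.append(tag)
    return tags


def classify(blob, known=OLD_READER_TAGS):
    """Split tags into (recognized, ignored) rather than rejecting unknown ones."""
    tags = read_sig_tags(blob)
    return [t for t in tags if t in known], [t for t in tags if t not in known]


# Constructed sample: size, SHA1 header digest, and a SHA256 header digest.
SAMPLE = build_sig_header([
    (1000, 4, struct.pack(">I", 4096)),          # INT32 value
    (269, 6, b"0" * 40 + b"\x00"),               # STRING, placeholder digest
    (SIGTAG_SHA256, 6, b"0" * 64 + b"\x00"),     # STRING, placeholder digest
])

if __name__ == "__main__":
    print(classify(SAMPLE))
```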