Fuel for OpenStack

Repository signing for 7.0 repositories seems to be inconsistent

Bug #1519791 reported by Vladimir Kuklin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Committed
High
Dmitry Burmistrov
Fuel for OpenStack 7.0-updates

Bug Description

According to the following GPG output, we have inconsistent signing for 7.0 repositories. We need to triage this and figure out whether the proper keys are imported into apt keyring during the provisioning. If the keys are imported, we need to figure out how to adjust our current repo to have properly signed release files.

$ gpg --verify mos7.0/Release.gpg mos7.0/Release
gpg: Signature made Mon 23 Nov 2015 07:07:26 PM UTC using RSA key ID 3E301371
gpg: Good signature from "Mirantis Release (Signing key for Mirantis.com) <email address hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 59BD 71B8 B76F 5BD3 683B DC48 CA2B 2048 3E30 1371

$ gpg --verify mos7.0-holdback/Release.gpg mos7.0-holdback/Release
gpg: Signature made Mon 23 Nov 2015 07:07:26 PM UTC using RSA key ID 3E301371
gpg: Good signature from "Mirantis Release (Signing key for Mirantis.com) <email address hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 59BD 71B8 B76F 5BD3 683B DC48 CA2B 2048 3E30 1371

$ gpg --verify mos7.0-updates/Release.gpg mos7.0-updates/Release
gpg: Signature made Mon 23 Nov 2015 07:07:26 PM UTC using RSA key ID 3E301371
gpg: Good signature from "Mirantis Release (Signing key for Mirantis.com) <email address hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 59BD 71B8 B76F 5BD3 683B DC48 CA2B 2048 3E30 1371

$ gpg --verify mos7.0-security/Release.gpg mos7.0-security/Release
gpg: Signature made Mon 23 Nov 2015 07:07:26 PM UTC using RSA key ID 3E301371
gpg: Good signature from "Mirantis Release (Signing key for Mirantis.com) <email address hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 59BD 71B8 B76F 5BD3 683B DC48 CA2B 2048 3E30 1371

Tags: area-build
Vladimir Kuklin (vkuklin)
Changed in fuel:
assignee: nobody → Fuel build team (fuel-build)
Roman Vyalov (r0mikiam)
Changed in fuel:
assignee: Fuel build team (fuel-build) → Dmitry Burmistrov (dburmistrov)
Roman Vyalov (r0mikiam)
tags: removed: area-ci
Revision history for this message
Roman Vyalov (r0mikiam) wrote :

decrease priority to medium, because gpg check dont support during deploy of nodes. related bug https://bugs.launchpad.net/fuel/+bug/1500842

Changed in fuel:
importance: High → Medium
Roman Vyalov (r0mikiam)
Changed in fuel:
importance: Medium → High
Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to infra/mirrors (stable/7.0)

Fix proposed to branch: stable/7.0
Change author: Dmitry Burmistrov <email address hidden>
Review: https://review.fuel-infra.org/14239

Changed in fuel:
status: Confirmed → In Progress
Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix merged to infra/mirrors (stable/7.0)

Reviewed: https://review.fuel-infra.org/14239
Submitter: Dmitry Burmistrov <email address hidden>
Branch: stable/7.0

Commit: 149450199de0ad30bbf84afbb4d7d63086f0fb99
Author: Dmitry Burmistrov <email address hidden>
Date: Thu Nov 26 12:39:43 2015

[7.0][patching][deb] Fix repo signing

Change-Id: I42f53dfc8bb42515711b7130b9e725e0b227c85f
Closes-Bug: #1519791

Changed in fuel:
status: In Progress → Fix Committed
Dmitry Pyzhov (dpyzhov)
tags: removed: area-python
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.