StarlingX

build-image: aptly gpg key expired

Bug #2054862 reported by Davlet Panech on 2024-02-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	High	Davlet Panech

Bug Description

Brief Description
-----------------
Aptly uses a GPG key to sign the its repos (specifically, to sign the "Release" file). That key expired on 2024-02-23 and causes various build failures that manifest themselves in different ways depending on what state your build environment is.

Severity
--------
Critical

Steps to Reproduce
------------------
Complete delete your build env (eg stx-init-env --reset-hard)
Do a full build: downloader, build-pkgs, build-iso.

Expected Behavior
------------------
All build steps succeed

Actual Behavior
----------------
Build fails with aptly GPG errors.

Reproducibility
---------------
Reproducible.

System Configuration
--------------------
N/A

Branch/Pull Time/Commit
-----------------------
master/2024-02-23

Last Pass
---------
master/2024-02-22

Timestamp/Logs
--------------
N/A

Test Activity
-------------
N/A

Workaround
----------
N/A

Tags:

Davlet Panech (dpanech) on 2024-02-24

Changed in starlingx:
assignee:	nobody → Davlet Panech (dpanech)

OpenStack Infra (hudson-openstack) on 2024-02-24

Changed in starlingx:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-24: Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/910036
Committed: https://opendev.org/starlingx/tools/commit/14d5030d094040f5c5fdf83c52300a1f2791b8ac
Submitter: "Zuul (22348)"
Branch: master

commit 14d5030d094040f5c5fdf83c52300a1f2791b8ac
Author: Davlet Panech <email address hidden>
Date: Fri Feb 23 21:24:47 2024 -0500

aptly: update expired GPG key

Aptly repos are signed with a GPG key embedded in environment
containers. That key expired today (2024-02-23).

Replace key with a new one that does not expire at all.

    Partial-Bug: 2054862
    Signed-off-by: Davlet Panech <email address hidden>
    Change-Id: I41a5c7a785a23eb8c9546e99865ecf62faaf506a

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-24: Fix merged to root (master)

Reviewed: https://review.opendev.org/c/starlingx/root/+/910037
Committed: https://opendev.org/starlingx/root/commit/0b24411a7cc49f374a34a62e687530c550751f7f
Submitter: "Zuul (22348)"
Branch: master

commit 0b24411a7cc49f374a34a62e687530c550751f7f
Author: Davlet Panech <email address hidden>
Date: Fri Feb 23 21:26:33 2024 -0500

aptly: update expired GPG key

Aptly repos are signed with a GPG key embedded in environment
containers. That key expired today (2024-02-23).

Key was replaced with a new one [1]; update key fingerprint in this repo
to match.

[1] https://review.opendev.org/c/starlingx/tools/+/910036

    Depends-On: https://review.opendev.org/c/starlingx/tools/+/910036
    Partial-Bug: 2054862
    Signed-off-by: Davlet Panech <email address hidden>
    Change-Id: I7d20a1e7276796e694f837f004b8133e28ae5de4

Revision history for this message

Davlet Panech (dpanech) wrote on 2024-03-04:

Fixed in master branch; these commits need to be cherry picked to 8.0

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-03-04: Fix proposed to tools (r/stx.8.0)

Fix proposed to branch: r/stx.8.0
Review: https://review.opendev.org/c/starlingx/tools/+/910975

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-03-04: Fix proposed to root (r/stx.8.0)

Fix proposed to branch: r/stx.8.0
Review: https://review.opendev.org/c/starlingx/root/+/910976

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-03-07: Fix merged to tools (r/stx.8.0)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/910975
Committed: https://opendev.org/starlingx/tools/commit/0e7a19bfaa0632489876f4a6c674280f7eafcb79
Submitter: "Zuul (22348)"
Branch: r/stx.8.0

commit 0e7a19bfaa0632489876f4a6c674280f7eafcb79
Author: Davlet Panech <email address hidden>
Date: Fri Feb 23 21:24:47 2024 -0500

aptly: update expired GPG key

Aptly repos are signed with a GPG key embedded in environment
containers. That key expired today (2024-02-23).

Replace key with a new one that does not expire at all.

    Partial-Bug: 2054862
    Signed-off-by: Davlet Panech <email address hidden>
    Change-Id: I41a5c7a785a23eb8c9546e99865ecf62faaf506a
    (cherry picked from commit 14d5030d094040f5c5fdf83c52300a1f2791b8ac)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-03-07: Fix merged to root (r/stx.8.0)

Reviewed: https://review.opendev.org/c/starlingx/root/+/910976
Committed: https://opendev.org/starlingx/root/commit/f2c53eccaa3cdb823c9f2a6f0f47e117d50ce34e
Submitter: "Zuul (22348)"
Branch: r/stx.8.0

commit f2c53eccaa3cdb823c9f2a6f0f47e117d50ce34e
Author: Davlet Panech <email address hidden>
Date: Fri Feb 23 21:26:33 2024 -0500

aptly: update expired GPG key

Aptly repos are signed with a GPG key embedded in environment
containers. That key expired today (2024-02-23).

Key was replaced with a new one [1]; update key fingerprint in this repo
to match.

[1] https://review.opendev.org/c/starlingx/tools/+/910036

    Partial-Bug: 2054862
    Depends-On: https://review.opendev.org/c/starlingx/tools/+/910975
    Depends-On: https://review.opendev.org/c/starlingx/tools/+/910036
    Signed-off-by: Davlet Panech <email address hidden>
    Change-Id: I7d20a1e7276796e694f837f004b8133e28ae5de4
    (cherry picked from commit 0b24411a7cc49f374a34a62e687530c550751f7f)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-03-28: Fix proposed to root (f/kernel-6.6)

Fix proposed to branch: f/kernel-6.6
Review: https://review.opendev.org/c/starlingx/root/+/914617

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-03-28: Fix proposed to tools (f/kernel-6.6)

Fix proposed to branch: f/kernel-6.6
Review: https://review.opendev.org/c/starlingx/tools/+/914618

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-03-28: Fix merged to tools (f/kernel-6.6)

#10

Reviewed: https://review.opendev.org/c/starlingx/tools/+/914618
Committed: https://opendev.org/starlingx/tools/commit/efc6bacd2fd10ea2d16377dfc9a07839bdcefc92
Submitter: "Zuul (22348)"
Branch: f/kernel-6.6

commit efc6bacd2fd10ea2d16377dfc9a07839bdcefc92
Author: Davlet Panech <email address hidden>
Date: Fri Feb 23 21:24:47 2024 -0500

aptly: update expired GPG key

Aptly repos are signed with a GPG key embedded in environment
containers. That key expired today (2024-02-23).

Replace key with a new one that does not expire at all.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-03-28: Fix merged to root (f/kernel-6.6)

#11

Reviewed: https://review.opendev.org/c/starlingx/root/+/914617
Committed: https://opendev.org/starlingx/root/commit/f534e17eb0fd525e03b5e89a029ee1f32b2ab931
Submitter: "Zuul (22348)"
Branch: f/kernel-6.6

commit f534e17eb0fd525e03b5e89a029ee1f32b2ab931
Author: Davlet Panech <email address hidden>
Date: Fri Feb 23 21:26:33 2024 -0500

aptly: update expired GPG key

Aptly repos are signed with a GPG key embedded in environment
containers. That key expired today (2024-02-23).

Key was replaced with a new one [1]; update key fingerprint in this repo
to match.

[1] https://review.opendev.org/c/starlingx/tools/+/910036

Davlet Panech (dpanech) on 2024-06-06

Changed in starlingx:
status:	In Progress → Fix Committed

Ghada Khalil (gkhalil) on 2024-06-06

tags:	added: stx.build stx.too
tags:	added: stx.tools removed: stx.too
Changed in starlingx:
importance:	Undecided → High
status:	Fix Committed → Fix Released
tags:	added: stx.10
tags:	added: stx.8.0 stx.9.0 removed: stx.10

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.