[SERVER-26620] mongodb-org-*-3.2.10 rpms are unsigned Created: 13/Oct/16 Updated: 05/Apr/17 Resolved: 17/Oct/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Packaging |
| Affects Version/s: | 3.2.10 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Dan Locks | Assignee: | Sam Kleinman (Inactive) |
| Resolution: | Done | Votes: | 2 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Steps To Reproduce: | from a centos 7 machine: |
||||
| Sprint: | Evergreen 2016-10-31 | ||||
| Participants: | |||||
| Description |
|
The rpms for mongodb-org-server-3.2.10 and mongodb-org-tools-3.2.10 available from https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/ for for centos7 (el7, I think is the $releasever) are not signed. Perhaps the other packages as well, I did not check. The easy workaround is to add --nocheckgpg to the yum command, but that's insecure. Paranoia! Run! |
| Comments |
| Comment by Elias Elmqvist Wulcan [ 18/Oct/16 ] |
|
Thank you! |
| Comment by Sam Kleinman (Inactive) [ 17/Oct/16 ] |
|
Sorry for the confusion. I just repro'd this issue on RHEL7, it looks like unsigned package was only in the 7 repo and not in the 7Server repository that I had been testing previously, and had been consistent with previous reports. Although I haven't tested this extensively on CentOS, I think the difference stems from the expansion of $relaserver, being different on some CentOS and our RHEL test images, but I haven't explored this extensively. Regardless, I was able to rebuild the /7/ repository and have verified that the packages are now signed. Regards, |
| Comment by Ramon Fernandez Marina [ 17/Oct/16 ] |
|
e, we've been able to reproduce this issue on a different repo, so I've reopened the ticket. Apologies for the inconvenience. |
| Comment by Elias Elmqvist Wulcan [ 17/Oct/16 ] |
|
The issue persist at 2016-10-17T09 CEST |
| Comment by Sam Kleinman (Inactive) [ 14/Oct/16 ] |
|
Hi Dan, I've attempted to to reproduce this issue without any success. For a little background there was a bug (MAKE-106) that caused us to miss some errors around package signing. I've pushed a fix to this ( I'm going to go ahead and close this issue, but if this issue persists, please let us know. Cheers, |
| Comment by Ramon Fernandez Marina [ 14/Oct/16 ] |
|
Thanks for your report dwlocks, we're looking into this issue – we'll post updates to this ticket when we have them. Cheers, |