nodesource / distributions

NodeSource Node.js Binary Distributions
https://nodesource.com
MIT License

[ERROR] Node.js 20.11.1 on RPM Installation fail #1776

Closed orgads closed 7 months ago

orgads commented 8 months ago

Describe your bug

GPG check fails.

Distribution Information:

Node Version:

To Reproduce

Steps to reproduce the behavior:

docker run --rm -it rockylinux:8.9.20231119 bash -c 'dnf install -y https://rpm.nodesource.com/pub_20.x/nodistro/repo/nodesource-release-nodistro-1.noarch.rpm && dnf install -y nodejs --setopt=nodesource-nodejs.module_hotfixes=1'

Output

Rocky Linux 8 - AppStream                                                                                                                                                      18 MB/s |  11 MB     00:00
Rocky Linux 8 - BaseOS                                                                                                                                                        8.8 MB/s | 6.1 MB     00:00
Rocky Linux 8 - Extras                                                                                                                                                         62 kB/s |  14 kB     00:00
nodesource-release-nodistro-1.noarch.rpm                                                                                                                                      289 kB/s |  10 kB     00:00
Dependencies resolved.
==============================================================================================================================================================================================================
 Package                                                 Architecture                                Version                                          Repository                                         Size
==============================================================================================================================================================================================================
Installing:
 nodesource-release                                      noarch                                      nodistro-1                                       @commandline                                       10 k

Transaction Summary
==============================================================================================================================================================================================================
Install  1 Package

Total size: 10 k
Installed size: 4.8 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                      1/1
  Installing       : nodesource-release-nodistro-1.noarch                                                                                                                                                 1/1
  Verifying        : nodesource-release-nodistro-1.noarch                                                                                                                                                 1/1

Installed:
  nodesource-release-nodistro-1.noarch

Complete!
Nsolid Packages for Linux RPM based distros - x86_64                                                                                                                          1.4 MB/s | 176 kB     00:00
Node.js Packages for Linux RPM based distros - x86_64                                                                                                                         3.8 MB/s | 474 kB     00:00
Dependencies resolved.
==============================================================================================================================================================================================================
 Package                                          Architecture                        Version                                                            Repository                                      Size
==============================================================================================================================================================================================================
Installing:
 nodejs                                           x86_64                              2:20.11.1-1nodesource                                              nodesource-nodejs                               36 M
Installing dependencies:
 platform-python-pip                              noarch                              9.0.3-23.el8.rocky.0                                               baseos                                         1.6 M
 python3-pip                                      noarch                              9.0.3-23.el8.rocky.0                                               appstream                                       19 k
 python3-setuptools                               noarch                              39.2.0-7.el8                                                       baseos                                         162 k
 python36                                         x86_64                              3.6.8-38.module+el8.5.0+671+195e4563                               appstream                                       18 k
Enabling module streams:
 python36                                                                             3.6

Transaction Summary
==============================================================================================================================================================================================================
Install  5 Packages

Total download size: 38 M
Installed size: 111 M
Downloading Packages:
(1/5): python36-3.6.8-38.module+el8.5.0+671+195e4563.x86_64.rpm                                                                                                               286 kB/s |  18 kB     00:00
(2/5): python3-pip-9.0.3-23.el8.rocky.0.noarch.rpm                                                                                                                            269 kB/s |  19 kB     00:00
(3/5): platform-python-pip-9.0.3-23.el8.rocky.0.noarch.rpm                                                                                                                    9.9 MB/s | 1.6 MB     00:00
(4/5): python3-setuptools-39.2.0-7.el8.noarch.rpm                                                                                                                             1.0 MB/s | 162 kB     00:00
(5/5): nodejs-20.11.1-1nodesource.x86_64.rpm                                                                                                                                   12 MB/s |  36 MB     00:02
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                          12 MB/s |  38 MB     00:03
Node.js Packages for Linux RPM based distros - x86_64                                                                                                                         1.6 MB/s | 1.7 kB     00:00
Importing GPG key 0x9B1BE0B4:
 Userid     : "NSolid <nsolid-gpg@nodesource.com>"
 Fingerprint: 6F71 F525 2828 41EE DAF8 51B4 2F59 B5F9 9B1B E0B4
 From       : /etc/pki/rpm-gpg/NODESOURCE-NSOLID-GPG-SIGNING-KEY-EL
Key imported successfully
Import of key(s) didn't help, wrong key(s)?
Rocky Linux 8 - AppStream                                                                                                                                                     1.6 MB/s | 1.6 kB     00:00
Importing GPG key 0x6D745A60:
 Userid     : "Release Engineering <infrastructure@rockylinux.org>"
 Fingerprint: 7051 C470 A929 F454 CEBE 37B7 15AF 5DAC 6D74 5A60
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
Key imported successfully
Public key for nodejs-20.11.1-1nodesource.x86_64.rpm is not installed. Failing package is: nodejs-2:20.11.1-1nodesource.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/NODESOURCE-NSOLID-GPG-SIGNING-KEY-EL
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED

Expected behavior

It should work.

a-fes commented 7 months ago

Hello,

A few more things to add:

  1. Even though there's NODESOURCE-NODEJS-GPG-SIGNING-KEY-EL key available, it's never used. Instead, NODESOURCE-NSOLID-GPG-SIGNING-KEY-EL is used for both nodesource-nsolid and nodesource-nodejs repos:
    $ file /etc/pki/rpm-gpg/NODESOURCE-NODEJS-GPG-SIGNING-KEY-EL
    /etc/pki/rpm-gpg/NODESOURCE-NODEJS-GPG-SIGNING-KEY-EL: PGP public key block Public-Key (old)
    
    $ cat /etc/yum.repos.d/nodesource-nodistro.repo
    [nodesource-nsolid]
    name=Nsolid Packages for Linux RPM based distros - $basearch
    baseurl=https://rpm.nodesource.com/pub_20.x/nodistro/nsolid/$basearch
    priority=8
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/NODESOURCE-NSOLID-GPG-SIGNING-KEY-EL

    [nodesource-nodejs]
    name=Node.js Packages for Linux RPM based distros - $basearch
    baseurl=https://rpm.nodesource.com/pub_20.x/nodistro/nodejs/$basearch
    priority=9
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/NODESOURCE-NSOLID-GPG-SIGNING-KEY-EL

  2. Nsolid key can't be imported on modern operating systems (e.g. RHEL 9 in my case) since SHA1 hash algorithm is deprecated:
    $ sudo rpm --import /etc/pki/rpm-gpg/NODESOURCE-NSOLID-GPG-SIGNING-KEY-EL
    warning: Signature not supported. Hash algorithm SHA1 not available.
    error: /etc/pki/rpm-gpg/NODESOURCE-NSOLID-GPG-SIGNING-KEY-EL: key 1 import failed.

It is possible to import this key by updating security configuration but it's strongly discouraged.

  3. Even after importing `NODESOURCE-NODEJS-GPG-SIGNING-KEY-EL` key manually, the package's signature can't be verified:
    $ sudo rpm --import /etc/pki/rpm-gpg/NODESOURCE-NODEJS-GPG-SIGNING-KEY-EL

    $ sudo rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n' | grep -i node
    gpg-pubkey-34fa74dd-540237d4 --> NodeSource gpg-rpm@nodesource.com public key

    $ sudo rpmkeys -K nodejs-20.11.1-1nodesource.x86_64.rpm
    nodejs-20.11.1-1nodesource.x86_64.rpm: digests SIGNATURES NOT OK



Thanks,
Andrii
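
The mismatch described in point 1 of the comment above, as an added example that is not part of the original thread or NodeSource's tooling: a shell audit that lists which key file each repo section trusts and which installed key files no section references. The function names are hypothetical, the sample repo text is constructed (abridged) from the file quoted above, and it assumes a single `gpgkey=` URL per section.

```shell
# Added example (not from the thread). Sample repo text constructed from the
# file quoted in the comment above; function names are hypothetical.
sample_repo() {
cat <<'EOF'
[nodesource-nsolid]
name=Nsolid Packages for Linux RPM based distros - $basearch
baseurl=https://rpm.nodesource.com/pub_20.x/nodistro/nsolid/$basearch
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/NODESOURCE-NSOLID-GPG-SIGNING-KEY-EL

[nodesource-nodejs]
name=Node.js Packages for Linux RPM based distros - $basearch
baseurl=https://rpm.nodesource.com/pub_20.x/nodistro/nodejs/$basearch
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/NODESOURCE-NSOLID-GPG-SIGNING-KEY-EL
EOF
}

# repo_keys: .repo text on stdin -> "section<TAB>gpgcheck<TAB>keyfile" per section.
# Assumes a single gpgkey URL per section (dnf also accepts lists).
repo_keys() {
  awk -F'[ \t]*=[ \t]*' '
    function emit() {
      if (sec != "") printf "%s\t%s\t%s\n", sec, (chk == "" ? "unset" : chk), (key == "" ? "none" : key)
    }
    /^\[.*\]$/       { emit(); sec = substr($0, 2, length($0) - 2); chk = ""; key = ""; next }
    $1 == "gpgcheck" { chk = $2 }
    $1 == "gpgkey"   { key = $0; sub(/^gpgkey[ \t]*=[ \t]*(file:\/\/)?/, "", key) }
    END              { emit() }
  '
}

# unchecked_repos: repo_keys output on stdin -> sections where gpgcheck is not 1.
unchecked_repos() { awk -F'\t' '$2 != "1" { print $1 }'; }

# unused_keys: repo_keys output on stdin, key files as arguments ->
# key files that no repo section references.
unused_keys() {
  refs=$(cut -f3)
  for k in "$@"; do
    printf '%s\n' "$refs" | grep -qxF -- "$k" || printf '%s\n' "$k"
  done
}

# On a real host: cat /etc/yum.repos.d/*.repo | repo_keys | unused_keys /etc/pki/rpm-gpg/*
sample_repo | repo_keys
```

A key file reported by `unused_keys` while two repos share another key is the situation this comment describes: the package is checked against a key that did not sign it.
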

userVF commented 7 months ago

The same issue with AlmaLinux 9.3. How to solve this?

riosje commented 7 months ago

Hello guys @userVF @orgads, I wanted to thank you for the detailed explanation and the steps to repro the issue.

First I want to let you know that we've updated our signing keys, so they are no longer SHA1 but SHA256.

Where can you find the KEY? https://rpm.nodesource.com/gpgkey/ns-operations-public.key

Then how do you install Node now? Let's use our script; this will set up everything for you.

curl -fsSL https://rpm.nodesource.com/setup_20.x | bash -
dnf install -y nodejs

USING DOCKER

docker run --rm -it rockylinux:8.9.20231119 bash -c 'curl -fsSL https://rpm.nodesource.com/setup_20.x | bash - && dnf install nodejs -y && node --version'

We know there is a lot of confusion since we've made several changes in the past year, and we're so sorry for that. We will try to clean up the docs a bit and make them more user friendly.

userVF commented 6 months ago

Thank you very much. Installation works with the new gpgkey that you provided.