search

ostreedev / ostree

Operating system and container binary deployment and upgrades
https://ostreedev.github.io/ostree/
Other
1.26k stars 291 forks source link

System-wide remote gpg homedir is not respected by `ostree show ...` #2390

Open RomanValov opened 3 years ago

RomanValov commented 3 years ago

On a vanilla fedora-iot image system-wide /etc/ostree/remotes.d configuration used to configure fedora-iot remote and gpg-homedir to be used (/etc/pki/rpm-gpg).

These gpg keys are considered by various ostree admin ... commands and by ostree pull command, but not by ostree show command:

[root@ostree ~]# ostree pull fedora-iot:fedora/stable/x86_64/iot

GPG: Verification enabled, found 1 signature:

  Signature made Mon Jun 28 15:27:09 2021 using RSA key ID 1161AE6945719A39
  Good signature from "Fedora <fedora-34-primary@fedoraproject.org>"
2 metadata, 0 content objects fetched; 788 B transferred in 1 seconds; 0 bytes content written
[root@ostree ~]# ostree show fedora-iot:fedora/stable/x86_64/iot
commit 0af775ea3146c32c7dd4a51cee78c9eb60da704035b9e3845a26469fea78bdc7
Parent:  58bcb3f5742dfe1390c71cf5903fe596bc51a54073e8e5642a2e55b88cbf029f
ContentChecksum:  eb0ba22801b4dc94f3816eebadc6f1892b258623316bc76aeeb85fb13ea57e64
Date:  2021-06-28 15:27:02 +0000
Version: 34.20210628.0
(no subject)

Found 1 signature:

  Signature made Mon Jun 28 15:27:09 2021 using RSA key ID 1161AE6945719A39
  Can't check signature: public key not found
pgedara commented 2 weeks ago

I'm facing the same issue on below environment for both pull and show commands.

[root@ip-172-31-94-118 ~]# cat /etc/os-release NAME="Rocky Linux" VERSION="9.4 (Blue Onyx)" ID="rocky" ID_LIKE="rhel centos fedora" VERSION_ID="9.4" PLATFORM_ID="platform:el9" PRETTY_NAME="Rocky Linux 9.4 (Blue Onyx)" ANSI_COLOR="0;32" LOGO="fedora-logo-icon" CPE_NAME="cpe:/o:rocky:rocky:9::baseos" HOME_URL="https://rockylinux.org/" BUG_REPORT_URL="https://bugs.rockylinux.org/" SUPPORT_END="2032-05-31" ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9" ROCKY_SUPPORT_PRODUCT_VERSION="9.4" REDHAT_SUPPORT_PRODUCT="Rocky Linux" REDHAT_SUPPORT_PRODUCT_VERSION="9.4" [root@ip-172-31-94-118 ~]#

`[root@ip-172-31-94-118 ~]# ostree --version libostree: Version: '2024.6' Git: 0b6d8d492d4c1cc1c0b7c366a1c5de2074a0911e Features:

  • inode64
  • initial-var
  • libcurl
  • libsoup
  • gpgme
  • composefs
  • ex-fsverity
  • libarchive
  • selinux
  • openssl
  • sign-ed25519
  • libmount
  • systemd
  • release
  • p2p `