search

ostreedev / ostree

Operating system and container binary deployment and upgrades
https://ostreedev.github.io/ostree/
Other
1.27k stars 292 forks source link

unable to pull commit metadata when GPG verification enabled and deltas in use #518

Open miabbott opened 7 years ago

miabbott commented 7 years ago

Using a new CentOS Vagrant box, I tried to pull just the commit metadata and it failed with a GPG error. When I disabled GPG verification, I was able to pull the metadata, although it looked like it had transferred all the delta parts.

-bash-4.2# rpm-ostree status
State: idle
Deployments:
● centos-atomic-host:centos-atomic-host/7/x86_64/standard
       Version: 7.20160818 (2016-08-18 14:28:07)
        Commit: 709bfd3c4d9274c32bc3b691d642a3f95431136ec1a6b32e4cd5a13764647ba1
        OSName: centos-atomic-host
  GPGSignature: 1 signature
                Signature made Thu 18 Aug 2016 02:39:07 PM UTC using RSA key ID F17E745691BA8335
                Good signature from "CentOS Atomic SIG <security@centos.org>"
-bash-4.2# cat /etc/ostree/remotes.d/centos-atomic-host.conf 
[remote "centos-atomic-host"]
url=http://mirror.centos.org/centos/7/atomic/x86_64/repo
branches=centos-atomic-host/7/x86_64/standard;
gpg-verify=true
-bash-4.2# ostree pull --commit-metadata-only --depth=-1 centos-atomic-host:centos-atomic-host/7/x86_64/standard

error: GPG verification enabled, but no signatures found (use gpg-verify=false in remote config to disable)
-bash-4.2# sed -i 's|false|true|' /etc/ostree/remotes.d/centos-atomic-host.conf
-bash-4.2# ostree pull --commit-metadata-only --depth=-1 centos-atomic-host:centos-atomic-host/7/x86_64/standard

8 delta parts, 9 loose fetched; 122531 KiB transferred in 15 seconds                                     
-bash-4.2# sed -i 's|true|false|' /etc/ostree/remotes.d/centos-atomic-host.conf                          
-bash-4.2# rpm-ostree upgrade
Updating from: centos-atomic-host:centos-atomic-host/7/x86_64/standard
1 metadata, 0 content objects fetched; 313 B transferred in 0 seconds
Copying /etc changes: 32 modified, 8 removed, 38 added
Transaction complete; bootconfig swap: yes deployment count change: 1
Changed:
  NetworkManager 1:1.0.6-30.el7_2 -> 1:1.0.6-31.el7_2
  NetworkManager-libnm 1:1.0.6-30.el7_2 -> 1:1.0.6-31.el7_2
  device-mapper-multipath 0.4.9-85.el7_2.5 -> 0.4.9-85.el7_2.6
  device-mapper-multipath-libs 0.4.9-85.el7_2.5 -> 0.4.9-85.el7_2.6
  dnsmasq 2.66-14.el7_1 -> 2.66-14.el7_2.1
  docker 1.10.3-46.el7.centos.10 -> 1.10.3-46.el7.centos.14
  docker-common 1.10.3-46.el7.centos.10 -> 1.10.3-46.el7.centos.14
  docker-latest 1.10.3-46.el7.centos.10 -> 1.12.1-2.el7.centos
  docker-lvm-plugin 1.10.3-46.el7.centos.10 -> 1.10.3-46.el7.centos.14
  docker-novolume-plugin 1.10.3-46.el7.centos.10 -> 1.10.3-46.el7.centos.14
  docker-selinux 1.10.3-46.el7.centos.10 -> 1.10.3-46.el7.centos.14
  etcd 2.3.7-2.el7 -> 2.3.7-4.el7
  kernel 3.10.0-327.28.2.el7 -> 3.10.0-327.36.1.el7
  kmod 20-5.el7 -> 20-8.el7_2
  kmod-libs 20-5.el7 -> 20-8.el7_2
  kpartx 0.4.9-85.el7_2.5 -> 0.4.9-85.el7_2.6
  libarchive 3.1.2-7.el7 -> 3.1.2-10.el7_2
  libgudev1 219-19.el7_2.12 -> 219-19.el7_2.13
  oci-register-machine 1:0-1.7.git31bbcd2.el7 -> 1:0-1.8.gitaf6c129.el7
  python 2.7.5-34.el7 -> 2.7.5-39.el7_2
  python-libs 2.7.5-34.el7 -> 2.7.5-39.el7_2
  python-perf 3.10.0-327.28.2.el7 -> 3.10.0-327.36.1.el7
  selinux-policy 3.13.1-60.el7_2.7 -> 3.13.1-63.atomic.el7.7
  selinux-policy-targeted 3.13.1-60.el7_2.7 -> 3.13.1-63.atomic.el7.7
  systemd 219-19.el7_2.12 -> 219-19.el7_2.13
  systemd-libs 219-19.el7_2.12 -> 219-19.el7_2.13
  systemd-sysv 219-19.el7_2.12 -> 219-19.el7_2.13
  tuned 2.5.1-4.el7_2.3 -> 2.5.1-4.el7_2.6
  tuned-profiles-atomic 2.5.1-4.el7_2.3 -> 2.5.1-4.el7_2.6
Run "systemctl reboot" to start a reboot
-bash-4.2# rpm-ostree status
State: idle
Deployments:
  centos-atomic-host:centos-atomic-host/7/x86_64/standard
       Version: 7.20160920 (2016-09-20 16:46:56)
        Commit: 54ab8ab29b51eabb82e78932d12a16b16170051dcc983714e7ff11bc8f1deaf0
        OSName: centos-atomic-host
  GPGSignature: 1 signature
                Signature made Tue 20 Sep 2016 05:05:27 PM UTC using RSA key ID F17E745691BA8335
                Good signature from "CentOS Atomic SIG <security@centos.org>"

● centos-atomic-host:centos-atomic-host/7/x86_64/standard
       Version: 7.20160818 (2016-08-18 14:28:07)
        Commit: 709bfd3c4d9274c32bc3b691d642a3f95431136ec1a6b32e4cd5a13764647ba1
        OSName: centos-atomic-host
  GPGSignature: 1 signature
                Signature made Thu 18 Aug 2016 02:39:07 PM UTC using RSA key ID F17E745691BA8335
                Good signature from "CentOS Atomic SIG <security@centos.org>"
miabbott commented 7 years ago

Might be a dupe of #517 but wanted to file it anyways