SUSE repository lacks the repomd.xml.key #178

Open
sjvudp opened this issue Mar 25, 2020 · 2 comments
Labels
infrastructure rpm Directly concerns rpm package format

sjvudp commented Mar 25, 2020

Describe the bug

The repository at https://packages.icinga.com/SUSE/12.4/release/ lacks the repomd.xml.key used to check the authentic repomd.xml.asc (and in turn repomd.xml).

To Reproduce

See https://packages.icinga.com/SUSE/12.4/release/repodata/

Expected behavior

The repository should be built in a standard way, maybe following https://www.suse.com/c/creating-yum-repository-and-publishing-it-smt/

Screenshots

...

Your Environment

Last seen 2020-03-25.

Additional context

While getting the sign key, I found that it's rather difficult to verify the key's fingerprint. Also, security-wise using a self-signed GPG key is a poor decision. Probably that key from 2013 should be replaced anyway as it's still using SHA-1 as hash.

For an example of better management of the keys being used, see https://www.qubes-os.org/security/verifying-signatures/ maybe.
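
The check a client would run on the chain named in the report (repomd.xml.key, repomd.xml.asc, repomd.xml), written as an added example that is not part of the original issue or of the Icinga packaging scripts. It assumes the `repodata/` directory has been downloaded to a local path and that `gpg` is installed; the function name and return codes are chosen for this example.

```shell
#!/bin/sh
# Added example (not project code): verify the signature chain of a
# locally mirrored repodata/ directory.
# Return codes (chosen for this example):
#   0 signature valid          2 a file of the chain is missing or empty
#   3 key could not be imported 4 signature does not verify

verify_repomd() {
    dir=$1

    # The case from this report: without repomd.xml.key next to the
    # metadata, nothing can be checked, so stop before calling gpg.
    for f in repomd.xml repomd.xml.asc repomd.xml.key; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $f" >&2
            return 2
        fi
    done

    # Throwaway keyring: the result depends only on the published key,
    # not on whatever the local user already trusts.
    tmp=$(mktemp -d) || return 3
    chmod 700 "$tmp"
    rc=0

    if ! gpg --homedir "$tmp" --batch --quiet \
            --import "$dir/repomd.xml.key" 2>/dev/null; then
        rc=3
    elif ! gpg --homedir "$tmp" --batch \
            --verify "$dir/repomd.xml.asc" "$dir/repomd.xml" 2>/dev/null; then
        rc=4
    else
        # A key fetched from the same server as the metadata proves nothing
        # by itself; print the fingerprint so it can be compared with a
        # value obtained over a separate channel.
        gpg --homedir "$tmp" --batch --with-colons --fingerprint |
            awk -F: '$1 == "fpr" { print "fingerprint: " $10; exit }'
    fi

    rm -rf "$tmp"
    return $rc
}
```

Call it as `verify_repomd /path/to/repodata` and treat any non-zero status as "do not use this metadata".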

@N-o-X N-o-X transferred this issue from Icinga/icinga2 Mar 25, 2020
@N-o-X N-o-X added the os/suse openSUSE or SLES packaging. Check the supported versions! label Mar 25, 2020
@Al2Klimov
Member

Hello @htriem!

Any news from your side?

Best,
AK

@htriem
Contributor

htriem commented Sep 8, 2021

All of our RPM repos lack the mentioned key.
Still, that's something we have to have a look at in our packaging overhaul.

@htriem htriem added infrastructure rpm Directly concerns rpm package format and removed os/suse openSUSE or SLES packaging. Check the supported versions! labels Sep 8, 2021
4 participants