Обсуждение: Re: Non-signed packages in PostgreSQL 14 repo for RHEL 9
Hi,
I’m not sure where to forward this to, since it’s not a bug in PostgreSQL, per se.
But I noticed that there are unsigned packages in this repository: https://download.postgresql.org/pub/repos/yum/14/redhat/rhel-9-x86_64/
I’m using reposync (reposync(1) - Linux manual page (man7.org)) to mirror the repository but it fails with –gpgcheck since there are unsigned packages.
This is the GPG key I’m using to verify the packages: https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL
Every other package in the repository is signed and works as expected.
Output from reposync:
(946/952): postgis33_14-devel-3.3.6-3PGDG.rhel9 23 kB/s | 8.9 kB 00:00
(947/952): postgis33_14-client-3.3.6-3PGDG.rhel 569 kB/s | 293 kB 00:00
(948/952): postgis33_14-3.3.6-3PGDG.rhel9.x86_6 5.6 MB/s | 4.0 MB 00:00
(949/952): postgis33_14-gui-3.3.6-3PGDG.rhel9.x 943 kB/s | 211 kB 00:00
(950/952): postgis33_14-docs-3.3.6-3PGDG.rhel9. 10 MB/s | 4.8 MB 00:00
(951/952): postgis33_14-llvmjit-3.3.6-3PGDG.rhe 9.4 MB/s | 1.1 MB 00:00
(952/952): postgis33_14-utils-3.3.6-3PGDG.rhel9 345 kB/s | 43 kB 00:00
Removing postgis33_14-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
Removing postgis33_14-client-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-client-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
Removing postgis33_14-devel-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-devel-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
Removing postgis33_14-docs-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-docs-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
Removing postgis33_14-gui-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-gui-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
Removing postgis33_14-llvmjit-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-llvmjit-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
Removing postgis33_14-utils-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-utils-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
Error: GPG signature check failed.
Best regards,
Gunnar Andersson,
Trafikverket
Hi, Apologies for the inconvenience. A network issue delayed this. Should be fixed now. Regards, Devrim On Wed, 2024-04-17 at 09:03 +0200, Magnus Hagander wrote: > Hi! > > Forwarding this one to the RPM maintrainers. > > //Magnus > > On Wed, Apr 17, 2024 at 8:58 AM <gunnar.a.andersson@trafikverket.se> > wrote: > > > Hi, > > > > > > > > I’m not sure where to forward this to, since it’s not a bug in > > PostgreSQL, > > per se. > > > > But I noticed that there are unsigned packages in this repository: > > https://download.postgresql.org/pub/repos/yum/14/redhat/rhel-9-x86_64/ > > > > I’m using reposync (reposync(1) - Linux manual page (man7.org) > > <https://www.man7.org/linux/man-pages/man1/reposync.1.html>) to > > mirror > > the repository but it fails with –gpgcheck since there are unsigned > > packages. > > > > This is the GPG key I’m using to verify the packages: > > https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL > > > > Every other package in the repository is signed and works as > > expected. > > > > > > > > Output from reposync: > > > > (946/952): postgis33_14-devel-3.3.6-3PGDG.rhel9 23 kB/s | 8.9 kB > > 00:00 > > > > (947/952): postgis33_14-client-3.3.6-3PGDG.rhel 569 kB/s | 293 kB > > 00:00 > > > > (948/952): postgis33_14-3.3.6-3PGDG.rhel9.x86_6 5.6 MB/s | 4.0 MB > > 00:00 > > > > (949/952): postgis33_14-gui-3.3.6-3PGDG.rhel9.x 943 kB/s | 211 kB > > 00:00 > > > > (950/952): postgis33_14-docs-3.3.6-3PGDG.rhel9. 10 MB/s | 4.8 MB > > 00:00 > > > > (951/952): postgis33_14-llvmjit-3.3.6-3PGDG.rhe 9.4 MB/s | 1.1 MB > > 00:00 > > > > (952/952): postgis33_14-utils-3.3.6-3PGDG.rhel9 345 kB/s | 43 kB > > 00:00 > > > > Removing postgis33_14-3.3.6-3PGDG.rhel9.x86_64.rpm: Package > > postgis33_14-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed > > > > Removing postgis33_14-client-3.3.6-3PGDG.rhel9.x86_64.rpm: Package > > postgis33_14-client-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed > > > > Removing postgis33_14-devel-3.3.6-3PGDG.rhel9.x86_64.rpm: Package > > postgis33_14-devel-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed > > > > Removing postgis33_14-docs-3.3.6-3PGDG.rhel9.x86_64.rpm: Package > > postgis33_14-docs-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed > > > > Removing postgis33_14-gui-3.3.6-3PGDG.rhel9.x86_64.rpm: Package > > postgis33_14-gui-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed > > > > Removing postgis33_14-llvmjit-3.3.6-3PGDG.rhel9.x86_64.rpm: Package > > postgis33_14-llvmjit-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed > > > > Removing postgis33_14-utils-3.3.6-3PGDG.rhel9.x86_64.rpm: Package > > postgis33_14-utils-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed > > > > Error: GPG signature check failed. > > > > > > > > Best regards, > > > > Gunnar Andersson, > > > > Trafikverket > > -- Devrim Gündüz Open Source Solution Architect, PostgreSQL Major Contributor Twitter: @DevrimGunduz , @DevrimGunduzTR