Bug 3423 - urpmi checks wrong packages for signatures
: urpmi checks wrong packages for signatures
Status: CONFIRMED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Low minor
: ---
Assigned To: Denis Silakov
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-12-16 15:50 MSK by Alexander Burmashev
Modified: 2015-05-25 21:11 MSD (History)
1 user (show)

See Also:
RPM Package: urpmi
ISO-related:
Bad POT generating:
Upstream:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Burmashev 2013-12-16 15:50:41 MSK
If you have multiple repositories enabled with the same packages there ( same name-version-release ), urpmi will download both of them, but in some cases will check wrong package for a signature and report a sig check error.
For example
http://file-store.rosalinux.ru/api/v1/file_stores/b811be5792bf2c5877617d0f0cfc99834e6bb1f5.log?show=true

lib64freebl3-3.15.3.1-1-rosa2012.1.x86_64.rpm is downloaded from BOTH updates and testing, and package from testing is reported as having a wrong signature ( while packages from testing should not be signed with imported key at all ).
Comment 1 Stanislav Fomin 2015-04-15 18:32:44 MSD
Надо перетестировать под RED, и либо
* закрыть, если не воспроизводится
* либо приложить свежие свидетельства, будем разбираться.
Comment 2 Denis Silakov 2015-04-15 18:44:49 MSD
The issue is still valid. But we don't consider this issue to be crucial. In official ROSA repositories, we shouldn't have package with the same name in different repositories.