Bug 10458

Summary: rpm: backport w/a of MD5 hashes sizes to rosa2014.1
Product: [ROSA-based products] ROSA Fresh Reporter: Mikhail Novosyolov <m.novosyolov>
Component: System (kernel, glibc, systemd, bash, PAM...)Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: critical    
Priority: High CC: alzim, andrey.bondrov, v.potapov
Version: AllFlags: v.potapov: qa_verified+
alzim: published+
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Platform: --- ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Mikhail Novosyolov 2020-02-15 19:46:52 MSK 
******** QA ADVISORY *********

Backport of the workaround of the bug#10204 to rosa2014.1
to enable installing newly published packages which are sighed with rpm4.

https://abf.io/build_lists/3205583
https://abf.io/build_lists/3205584

Publish to main/release and sign it manually!!!
Comment 1 Vladimir Potapov 2020-02-15 20:04:09 MSK 
"не удалось установить, неверные  rpm-файлы"
Comment 2 Mikhail Novosyolov 2020-02-15 20:08:54 MSK 
(In reply to Vladimir Potapov from comment #1)
> "не удалось установить, неверные  rpm-файлы"

Это про что?
Comment 3 Mikhail Novosyolov 2020-02-15 20:10:50 MSK 
(In reply to Mikhail Novosyolov from comment #0)

> Publish to main/release and sign it manually!!!

* main/updates
Comment 4 Vladimir Potapov 2020-02-15 20:53:53 MSK 
rpm-5.4.10-69
https://abf.io/build_lists/3205583
https://abf.io/build_lists/3205584
**************************** Advisory ******************************
Backport of the workaround of the bug#10204 to rosa2014.1
to enable installing newly published packages which are sighed with rpm4.
*********************************************************************
QA Verified

Publish to main/release and sign it manually!!!
Comment 5 Vladimir Potapov 2020-02-15 20:54:20 MSK 
(In reply to Vladimir Potapov from comment #4)
> Publish to main/release and sign it manually!!!

* main/updates
Comment 6 Andrey Bondrov 2020-02-16 14:21:45 MSK 
> Publish to main/release and sign it manually!!!

Was it done? I mean "sign it manually" part.
Comment 7 Mikhail Novosyolov 2020-02-16 14:48:26 MSK 
(In reply to Andrey Bondrov from comment #6)
> > Publish to main/release and sign it manually!!!
> 
> Was it done? I mean "sign it manually" part.

Publisher has been switched back to rpm5 to sign mdv packages:
https://github.com/OpenMandrivaSoftware/rosa-publish-worker/commit/d88f7ac05917550eff29fb680cc35f8dc324968a
So, during Alzim's publication, it should have been signed by rpm5.
Comment 8 Mikhail Novosyolov 2020-02-16 15:02:51 MSK 
Но вообще, конечно, прежде, чем публиковать, надо читать, что написано. Тут чисто случайно не возникло проблем.