Fluentd package not signed for Rocky Linux 9
Describe the bug
Hello, the rpm is not signed.
Is it normal?
To Reproduce
I installed the fluentd package using the repo
[fluent-package-lts]
name=Fluentd Project
baseurl=https://packages.treasuredata.com/lts/5/redhat/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.treasuredata.com/GPG-KEY-td-agent https://packages.treasuredata.com/GPG-KEY-fluent-package
But after install
# dnf info fluent-package
Last metadata expiration check: 0:00:04 ago on Tue Apr 22 00:02:42 2025.
Installed Packages
Name : fluent-package
Version : 5.0.6
Release : 1.el9
Architecture : x86_64
Size : 66 M
Source : fluent-package-5.0.6-1.el9.src.rpm
Repository : @System
From repo : fluent-package-lts
Summary : All in one package of Fluentd
URL : https://docs.fluentd.org/
License : ASL 2.0
Description : The stable distribution of Fluentd, formerly known as td-agent.
# rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH} => GPG: %{SIGGPG:pgpsig}\n' fluent-package
fluent-package-5.0.6-1.el9.x86_64 => GPG: (none)
The package is not signed at all.
GPG key at https://packages.treasuredata.com/GPG-KEY-fluent-package (0x43FA320E) is already installed
The GPG keys listed for the "fluentd" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: fluent-package-5.0.6-1.el9.x86_64
GPG Keys are configured as: https://packages.treasuredata.com/GPG-KEY-fluent-package
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
# ls
fluent-package-5.0.6-1.el9.x86_64.rpm
Expected behavior
The package should be signed.
Your Environment
- Fluentd version: 1.16.7
- TD Agent version: ?
- Fluent Package version: 5.0.6
- Docker image (tag):
- Operating system: Rocky Linux 9
- Kernel version: 5.14.0-503.15.1.el9_5.x86_64
Your Configuration
Rocky Linux 9
Your Error Log
esfes
Additional context
No response
@henri9813 Sorry for our late response.
fluent-package is signed.
We can check it with rpm --checksig.
$ dnf download https://s3.amazonaws.com/packages.treasuredata.com/lts/5/redhat/9/x86_64/fluent-package-5.0.6-1.el9.x86_64.rpm
$ rpm -qpi fluent-package-5.0.6-1.el9.x86_64.rpm
Name : fluent-package
Version : 5.0.6
Release : 1.el9
Architecture: x86_64
Install Date: (not installed)
Group : Unspecified
Size : 69612946
License : ASL 2.0
Signature : RSA/SHA256, Mon Feb 10 05:21:17 2025, Key ID 901f9177ab97acbe
Source RPM : fluent-package-5.0.6-1.el9.src.rpm
Build Date : Mon Feb 10 02:43:28 2025
Build Host : e410b4b875bf
URL : https://docs.fluentd.org/
Summary : All in one package of Fluentd
Description :
The stable distribution of Fluentd, formerly known as td-agent.
$ rpm --checksig fluent-package-5.0.6-1.el9.x86_64.rpm
fluent-package-5.0.6-1.el9.x86_64.rpm: digests signatures OK
I don't know what %{SIGGPG:pgpsig} is.
Should this show some signature info?
Can this be used if the header includes signature info?
Is there anything wrong with the header not having that information?
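Added example, not written by either participant and not Fluentd project code: RPM can store a signature under four tags, and `%{SIGGPG:pgpsig}` reads only the DSA header+payload one, so an RSA-signed package prints `(none)` there while `rpm --checksig` still passes. The script below queries all four tags and checks whether the signing key is imported. The function names are hypothetical, and the `gpg-pubkey-<last 8 hex digits>-<time>` naming is assumed from rpm 4.x.

```shell
#!/bin/sh
# Added example: show which RPM signature tag holds a package's signature
# and whether its signing key has been imported into the rpm database.

# Header-only tags (RSAHEADER, DSAHEADER) and header+payload tags
# (SIGPGP = RSA, SIGGPG = DSA); an RSA-signed package leaves SIGGPG empty.
SIG_TAGS="RSAHEADER DSAHEADER SIGPGP SIGGPG"

# Print the 16-hex-digit key ID found in a :pgpsig string, or nothing.
sig_keyid() {
    printf '%s\n' "$1" |
        sed -n 's/.*Key ID \([0-9A-Fa-f]\{16\}\).*/\1/p' | tr 'A-F' 'a-f'
}

# $1 = key ID, $2 = output of `rpm -q gpg-pubkey`. Assumes rpm 4.x naming:
# gpg-pubkey-<last 8 hex digits of key ID>-<creation time>.
key_imported() {
    short=$(printf '%s' "$1" | tail -c 8)
    printf '%s\n' "$2" | grep -qi "^gpg-pubkey-${short}-"
}

# Print each signature tag of the .rpm file $1 and whether its key is imported.
report_rpm() {
    keys=$(rpm -q gpg-pubkey 2>/dev/null)
    for tag in $SIG_TAGS; do
        sig=$(rpm -qp --qf "%{${tag}:pgpsig}" "$1" 2>/dev/null)
        id=$(sig_keyid "$sig")
        if [ -z "$id" ]; then
            echo "$tag: (none)"
        elif key_imported "$id" "$keys"; then
            echo "$tag: $sig [key imported]"
        else
            echo "$tag: $sig [key NOT imported]"
        fi
    done
}

if [ -n "${1:-}" ] && command -v rpm >/dev/null 2>&1; then
    report_rpm "$1"
else
    # No file given: demo on the Signature line quoted in this thread and a
    # constructed keyring listing (the trailing timestamp is made up).
    id=$(sig_keyid "RSA/SHA256, Mon Feb 10 05:21:17 2025, Key ID 901f9177ab97acbe")
    key_imported "$id" "gpg-pubkey-43fa320e-00000000" ||
        echo "key $id NOT imported"
fi
```

Run it as `sh script.sh fluent-package-5.0.6-1.el9.x86_64.rpm` on the host where `dnf` reports the GPG check failure.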
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 7 days
This issue was automatically closed because of stale in 7 days