Mariner doesn't trust Microsoft repo GPG keys
Mariner by default doesn't trust GPG keys of its built-in repos:
/etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY
/etc/pki/rpm-gpg/MICROSOFT-METADATA-GPG-KEY
tdnf will prompt the user to import keys:
> docker run -it --rm cblmariner2preview.azurecr.io/base/core:2.0 bash
root [ / ]# tdnf install vim
Loaded plugin: tdnfrepogpgcheck
Refreshing metadata for: 'CBL-Mariner Official Extended Preview 2.0 x86_64'
Refreshing metadata for: 'CBL-Mariner Official Preview 2.0 x86_64'
Refreshing metadata for: 'CBL-Mariner Official Extras Preview 2.0 x86_64'
Refreshing metadata for: 'CBL-Mariner Official Microsoft Preview 2.0 x86_64'
mariner-official-microsoft-preview 1370 100%
Installing:
vim x86_64 8.2.4233-1.cm2 mariner-preview 3.42M 3585803
Total installed size: 3.42M 3585803
Is this ok [y/N]: y
Downloading:
vim 1769540 100%
importing key from file:///etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY
Is this ok [y/N]: y
importing key from file:///etc/pki/rpm-gpg/MICROSOFT-METADATA-GPG-KEY
Is this ok [y/N]: y
Testing transaction
Running transaction
Installing/Updating: vim-8.2.4233-1.cm2.x86_64
Complete!
See https://www.redhat.com/sysadmin/rpm-gpg-verify-packages
Hi, @jiasli! Thanks for mentioning this, #2640 should fix the issue in the next 2.0 preview release.
I noticed this issue still exists in the latest Mariner 2.0 image:
> docker run -it --rm mcr.microsoft.com/cbl-mariner/base/core:2.0 bash
# tdnf install python3
...
importing key from file:///etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY
Is this ok [y/N]: y
importing key from file:///etc/pki/rpm-gpg/MICROSOFT-METADATA-GPG-KEY
Is this ok [y/N]: y
Tagging @PawelWMS & @sameluch
We have documented an internal bug and the development team has been assigned to address the issue. In the interim, we will mark this issue as closed.
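An added example, not part of the thread or of the Mariner project's code: a shell check that reports whether the two key files named in the issue are already in the RPM keyring, which is the condition that decides whether tdnf shows the import prompt. It assumes GnuPG 2.1.23 or later is installed for `gpg --show-keys` and that rpm uses its 4.x naming of imported keys (`gpg-pubkey-<low 32 bits of key ID>-<creation time>`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which repo key files are not yet in the RPM keyring.

# Print the 16-hex-digit primary key ID(s) contained in a key file.
# Assumption: GnuPG >= 2.1.23 (for --show-keys) is installed in the image.
key_ids_in_file() {
    gpg --show-keys --with-colons "$1" 2>/dev/null |
        awk -F: '$1 == "pub" { print $5 }'
}

# Print the 8-hex "version" of every key the RPM database already trusts.
# Assumption: rpm 4.x naming, gpg-pubkey-<low 32 bits of key ID>-<created>.
trusted_short_ids() {
    rpm -q gpg-pubkey --qf '%{VERSION}\n' 2>/dev/null
}

# Pure matcher: succeed if long key ID $1 has its low 32 bits in list $2.
is_trusted() {
    short=$(printf '%s' "$1" | tr 'A-F' 'a-f' | sed 's/.*\(........\)$/\1/')
    printf '%s\n' "$2" | grep -qx "$short"
}

# Walk the given key files and report the trust state of each key found.
# Returns 1 if any key is missing from the RPM keyring.
audit_repo_keys() {
    trusted=$(trusted_short_ids)
    rc=0
    for f in "$@"; do
        for id in $(key_ids_in_file "$f"); do
            if is_trusted "$id" "$trusted"; then
                echo "trusted     $id  $f"
            else
                echo "NOT TRUSTED $id  $f"
                rc=1
            fi
        done
    done
    return $rc
}

# Only query the live system when rpm and gpg are both present.
if command -v rpm >/dev/null 2>&1 && command -v gpg >/dev/null 2>&1; then
    audit_repo_keys /etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY \
                    /etc/pki/rpm-gpg/MICROSOFT-METADATA-GPG-KEY || true
fi
```

In an image build, a non-zero return from `audit_repo_keys` can gate an explicit `rpm --import` of a key file whose key ID has been reviewed.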