dnf5 icon indicating copy to clipboard operation
dnf5 copied to clipboard

Published 20 hours ago verified publisher icon rpm-software-management

Crash if repo_gpgcheck=1 and gpgkey is set to a nonexistent file

Open ppisar opened this issue 1 year ago • 3 comments

Having a repository configured like:

[test] name=test baseurl=file:///root/repos/test/ enabled=0 gpgcheck=0 repo_gpgcheck=1 metadata_expire=5m gpgkey=file:///root/repos/test/key

but /root/repos/test/key file not exisiting, "dnf5 --enablerepo=test upgrade" crashes like this:

Updating and loading repositories:
 test                                                                                                                                                                     100% |   0.0   B/s |   1.7 KiB |  00m00s
>>> Librepo error: repomd.xml GPG signature verification error: Signing key not foundterminate called without an active exception
Aborted (core dumped)

a the backtrace is:

Stack trace of thread 44109:
#0  0x00007f7fbe680724 __pthread_kill_implementation (libc.so.6 + 0x72724)
#1  0x00007f7fbe627d0e raise (libc.so.6 + 0x19d0e)
#2  0x00007f7fbe60f942 abort (libc.so.6 + 0x1942)
#3  0x00007f7fbe8a5da9 _ZN9__gnu_cxx27__verbose_terminate_handlerEv.cold (libstdc++.so.6 + 0xa5da9)
#4  0x00007f7fbe8b7c2c _ZN10__cxxabiv111__terminateEPFvvE (libstdc++.so.6 + 0xb7c2c)
#5  0x00007f7fbe8a5951 _ZSt9terminatev (libstdc++.so.6 + 0xa5951)
#6  0x00007f7fbec5f7a9 _ZN7libdnf54repo8RepoSack4Impl21update_and_load_reposERNS0_9RepoQueryEb.constprop.0.cold (libdnf5.so.2 + 0x5f7a9)
#7  0x00007f7fbed2d9f4 _ZN7libdnf54repo8RepoSack10load_reposEv (libdnf5.so.2 + 0x12d9f4)
#8  0x000055a414685152 _ZN4dnf57Context4Impl10load_reposEb (dnf5 + 0xcc152)
#9  0x000055a4145f31df main (dnf5 + 0x3a1df)
#10 0x00007f7fbe611248 __libc_start_call_main (libc.so.6 + 0x3248)
#11 0x00007f7fbe61130b __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x330b)
#12 0x000055a4145f5b65 _start (dnf5 + 0x3cb65)

Stack trace of thread 44110:
#0  0x00007f7fbf12aa05 intGetTdEntry (librpm.so.10 + 0xba05)
#1  0x00007f7fbf12d078 headerGet (librpm.so.10 + 0xe078)
#2  0x00007f7fbe1efe11 rpmhead2solv (libsolvext.so.1 + 0x17e11)
#3  0x00007f7fbe1f10ee repo_add_rpmdb (libsolvext.so.1 + 0x190ee)
#4  0x00007f7fbed2b193 _ZNSt6thread11_State_implINS_8_InvokerISt5tupleIJZN7libdnf54repo8RepoSack4Impl21update_and_load_reposERNS4_9RepoQueryEbEUlvE_EEEEE6_M_runEv (libdnf5.so.2 + 0x12b193)
#5  0x00007f7fbe8e7524 execute_native_thread_routine (libstdc++.so.6 + 0xe7524)
#6  0x00007f7fbe67e797 start_thread (libc.so.6 + 0x70797)
#7  0x00007f7fbe70278c __clone3 (libc.so.6 + 0xf478c)

ppisar avatar Aug 02 '24 11:08 ppisar

Detailed backtrace from GDB:

(gdb) bt
#0  0x00007ffff7080724 in __pthread_kill_implementation () at /lib64/libc.so.6
#1  0x00007ffff7027d0e in raise () at /lib64/libc.so.6
#2  0x00007ffff700f942 in abort () at /lib64/libc.so.6
#3  0x00007ffff72a5da9 in __gnu_cxx::__verbose_terminate_handler() [clone .cold] ()
    at /lib64/libstdc++.so.6
#4  0x00007ffff72b7c2c in __cxxabiv1::__terminate(void (*)()) () at /lib64/libstdc++.so.6
#5  0x00007ffff72a5951 in std::terminate() () at /lib64/libstdc++.so.6
#6  0x00007ffff76ad2c9 in std::__terminate ()
    at /usr/include/c++/14/x86_64-redhat-linux/bits/c++config.h:2165
#7  std::thread::~thread (this=0x7fffffffcfc0, __in_chrg=<optimized out>)
    at /usr/include/c++/14/bits/std_thread.h:182
#8  0x00007ffff77caea2 in libdnf5::repo::RepoSack::Impl::update_and_load_repos
    (this=0x6f2f00, repos=..., import_keys=true) at /home/test/dnf5/libdnf5/repo/repo_sack.cpp:587
#9  0x00007ffff77cb04b in libdnf5::repo::RepoSack::load_repos (this=0x6f1460)
    at /home/test/dnf5/libdnf5/repo/repo_sack.cpp:609
#10 0x0000000000538a24 in dnf5::Context::Impl::load_repos (this=0x6f10a0, load_system=true)
    at /home/test/dnf5/dnf5/context.cpp:307
#11 0x000000000053abc2 in dnf5::Context::load_repos (this=0x7fffffffd890, load_system=true)
    at /home/test/dnf5/dnf5/context.cpp:549
#12 0x0000000000576a7a in main (argc=3, argv=0x7fffffffddd8) at /home/test/dnf5/dnf5/main.cpp:1363

It looks like an unhandled exception.

ppisar avatar Aug 02 '24 11:08 ppisar

but /root/repos/test/key file not exisiting

This should happen just due to some manual interventions or non-standard situations, right?

jan-kolarik avatar Aug 06 '24 08:08 jan-kolarik

Having gpgkey set to a nonexistent file is a non-standard situation. I now verified it also happens if gpgkey is an HTTP URL. That means it can be triggered remotely. Fortunately it manifests only for repositories without installed keys. That its when the user enabled that repository for the first time.

Affected packages:

libdnf5-5.2.5.0-20240805005756.19.g04d9908f.fc41.x86_64 librepo-1.18.0-20240804010008.5.g3c85711.fc41.x86_64 libsolv-0.7.30-20240805005745.0.g27aa6a72.fc41.x86_64

ppisar avatar Aug 06 '24 08:08 ppisar