Bug
Resolution: Unresolved
Major
rhel-10.0.beta
rpm-4.19.1.1-11.el10
Yes
Moderate
rhel-sst-cs-software-management
ssg_core_services
Red Hat Enterprise Linux
A regression found by RH QE emrakova@redhat.com while testing something related:
[pmatilai🎩︎lumikko ~]$ rpmkeys -Kv /tmp/bash-5.2.26-4.el10.x86_64.rpm
/tmp/bash-5.2.26-4.el10.x86_64.rpm:
Header OpenPGP V4 RSA/SHA256 signature, key ID 199e2f91fd431d51: NOKEY
Header SHA256 digest: OK
Payload SHA256 digest: OK
Legacy OpenPGP V4 RSA/SHA256 signature, key ID 199e2f91fd431d51: NOKEY
[pmatilai🎩︎lumikko ~]$ rpmsign --delsign /tmp/bash-5.2.26-4.el10.x86_64.rpm
[pmatilai🎩︎lumikko ~]$ rpmkeys -Kv /tmp/bash-5.2.26-4.el10.x86_64.rpm
/tmp/bash-5.2.26-4.el10.x86_64.rpm:
error: /tmp/bash-5.2.26-4.el10.x86_64.rpm: hdr magic: BAD
[pmatilai🎩︎lumikko ~]$
There are other scenarios where this could happen, but the easiest reproducer is basically any RHEL >= 9 package that has been signed by the RH signing-server. The signing-server misplaces the IMA signatures and this trips up buggy calculations in rpmsign --addsign/resign/delsign.
Links to: RHBA-2024:142592 rpm bug fix and enhancement update
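A layout check that can be run over packages after a signing operation, to catch the kind of damage reported above before a package is published. This is an added example, not rpm's own code and not part of the original report; it walks the standard RPM file layout (96-byte lead, signature header padded to 8 bytes, main header). The sample packages are constructed minimal byte strings, not the bytes of the affected bash package, and the names check_rpm_layout, GOOD and BROKEN are hypothetical.

```python
import struct
import sys

LEAD_SIZE = 96                            # fixed-size legacy lead
LEAD_MAGIC = bytes.fromhex("edabeedb")
HEADER_MAGIC = bytes.fromhex("8eade801")  # starts signature and main header

def check_rpm_layout(data: bytes) -> str:
    """Return 'OK' or the first layout problem found in an RPM file image."""
    if len(data) < LEAD_SIZE or data[:4] != LEAD_MAGIC:
        return "lead magic: BAD"
    off = LEAD_SIZE
    if len(data) < off + 16:
        return "sigh: truncated"
    if data[off:off + 4] != HEADER_MAGIC:
        return "sigh magic: BAD"
    # Header intro: magic(4) reserved(4) index count(4) data size(4), big-endian
    nindex, dsize = struct.unpack(">II", data[off + 8:off + 16])
    sig_len = 16 + nindex * 16 + dsize
    # Only the signature header is padded to an 8-byte boundary.
    pad = (8 - sig_len % 8) % 8
    off += sig_len + pad
    # The main header must start exactly where the sizes above say it does.
    if data[off:off + 4] != HEADER_MAGIC:
        return "hdr magic: BAD"
    return "OK"

def _header(nindex: int, store: bytes) -> bytes:
    """Build a constructed header with zeroed index entries (sample data only)."""
    intro = HEADER_MAGIC + b"\0" * 4 + struct.pack(">II", nindex, len(store))
    return intro + b"\0" * (16 * nindex) + store

# Constructed samples: a 5-byte signature store needs 3 bytes of padding.
_LEAD = LEAD_MAGIC + b"\0" * (LEAD_SIZE - 4)
_SIG = _header(1, b"\0" * 5)
_MAIN = _header(0, b"")
GOOD = _LEAD + _SIG + b"\0" * 3 + _MAIN
BROKEN = _LEAD + _SIG + _MAIN   # padding dropped, main header shifted by 3 bytes

if __name__ == "__main__":
    # With file arguments, check each file; without, check the samples.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, check_rpm_layout(fh.read()))
    if len(sys.argv) == 1:
        print("GOOD:", check_rpm_layout(GOOD))
        print("BROKEN:", check_rpm_layout(BROKEN))
```

Running rpmsign against a copy and replacing the original only when both this check and rpmkeys -Kv succeed keeps a failed rewrite from destroying the only copy of the package.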