RHEL-75579

Uninformative error message on --import failure


    • Bug
    • Resolution: Unresolved
    • Normal
    • rhel-10.0
    • rust-rpm-sequoia
    • Moderate
    • rhel-security-crypto-spades
    • ssg_security
    • Test: /CoreOS/rpm/Regression/bz2069877-Uninformative-error-message-on-import-failure (to be updated with new error message)

      What were you trying to do that didn't work?

      Import a SHA-1 key using rpm --import

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      rpm-4.19.1.1-9.el10.x86_64

      How reproducible is this bug?:

      Steps to reproduce

      1. Try to import a SHA-1 key: rpm --import <key>

      Expected results

      rpm clearly informs what's wrong with the key, like it did in RHEL-9 (see bz: RHELPLAN-117198). The user shouldn't be asked to use sq inspect to get the information about the error.

      rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
      warning: Signature not supported. Hash algorithm SHA1 not available.
      error: https://artifacts.elastic.co/GPG-KEY-elasticsearch: key 1 import failed. 

      Actual results

       

      # rpm --import 4668_maphteach.pub
      error: Certificate AA9AE97E55C5BEAC:
        Policy rejects AA9AE97E55C5BEAC: No binding signature at time 2025-01-21T12:14:14Z
      error: 4668_maphteach.pub: key 1 import failed.

      # sq inspect 4668_maphteach.pub
      4668_maphteach.pub: OpenPGP Certificate.

            Fingerprint: 5EF34EEEA17383825F6E31A5AA9AE97E55C5BEAC
                         Invalid: No binding signature at time 2025-01-21T12:14:23Z: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance, because SHA1 is not considered secure
        Public-key algo: RSA
        Public-key size: 3072 bits
          Creation time: 2025-01-21 12:11:18 UTC

                 Subkey: B63B0B7BD50CC93E4ED8470E087823672675C65E
                         Invalid: Policy rejected non-revocation signature (SubkeyBinding) requiring second pre-image resistance
                         because: SHA1 is not considered secure
                         Invalid: primary key: No binding signature at time 2025-01-21T12:14:23Z, because Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance, because SHA1 is not considered secure
        Public-key algo: RSA
        Public-key size: 3072 bits
          Creation time: 2025-01-21 12:11:18 UTC

                 UserID: 4668_maphteach
                         Invalid: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
                         because: SHA1 is not considered secure

       

       

              jjelen@redhat.com Jakub Jelen
              mbanas@redhat.com Martin Banas
              Jakub Jelen
              Ondrej Moris
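Added example, not part of the original report and not code from rpm or Sequoia: a small Python reader for OpenPGP packet headers that lists the hash algorithm of every signature packet in a certificate, which is the detail the rpm error in "Actual results" leaves out. The WEAK set, the function names and the SAMPLE bytes are assumptions constructed for illustration; they do not reproduce the system's actual policy.

```python
import base64

HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}
SIG_TYPES = {0x10: "GenericCertification", 0x13: "PositiveCertification", 0x18: "SubkeyBinding"}
WEAK = {"MD5", "SHA1", "RIPEMD160"}  # assumption: digests a strict policy rejects

def dearmor(data):
    """Return the binary packet stream, decoding ASCII armor when present."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = [line.strip() for line in data.strip().splitlines()]
    start = lines.index(b"") + 1  # armor headers end at the first blank line
    body = [l for l in lines[start:] if not l.startswith((b"=", b"-----"))]  # skip CRC-24 and END
    return base64.b64decode(b"".join(body))

def packets(data):
    """Yield (tag, body) per packet; partial body lengths are not supported."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:  # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body length not supported")
        else:  # old-format header: low two bits select a 1/2/4-byte length
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            length = len(data) - i if n == 8 else int.from_bytes(data[i:i + n], "big")
            i += 0 if n == 8 else n
        yield tag, data[i:i + length]
        i += length

def signature_hashes(data):
    """Return (signature type, hash name, weak?) for each signature packet (tag 2)."""
    out = []
    for tag, body in packets(dearmor(data)):
        if tag == 2 and len(body) >= 17:  # v3: type/hash at offsets 2/16; v4+: 1/3
            sigtype, halgo = (body[2], body[16]) if body[0] == 3 else (body[1], body[3])
            name = HASHES.get(halgo, f"unknown({halgo})")
            out.append((SIG_TYPES.get(sigtype, hex(sigtype)), name, name in WEAK))
    return out

# Constructed sample, not a real key: new-format SHA1 certification, old-format SHA256 binding.
SAMPLE = bytes([0xC2, 17, 4, 0x13, 1, 2]) + bytes(13) + bytes([0x88, 17, 4, 0x18, 1, 8]) + bytes(13)
```

Running `signature_hashes(open(path, "rb").read())` on a key file before `rpm --import` shows which binding signatures use a digest flagged in WEAK.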