Thread: [RPM/CentOS7] Need to disable repo_gpgcheck on pgdg-common when using RPM version 42.0-17.1
[RPM/CentOS7] Need to disable repo_gpgcheck on pgdg-common when using RPM version 42.0-17.1
From
Thomas Boussekey
Date:
Hello all,
This morning, a new RPM version has been sent to https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/ with version ID 42.0-17.1
We had to adapt our tooling to comply with this new repository file.
We faced the following error on section pgdg-common
> Failure talking to yum: failure: repodata/repomd.xml.asc from pgdg-common
Searching on the internet, we managed to perform a workaround disabling the parameter `repo_gpgcheck` into the section pgdg-common.
Hope it can help others,
Best regards,
Thomas
Re: [RPM/CentOS7] Need to disable repo_gpgcheck on pgdg-common when using RPM version 42.0-17.1
From
Devrim Gündüz
Date:
Hi, On Thu, 2021-05-06 at 16:29 +0200, Thomas Boussekey wrote: > > > This morning, a new RPM version has been sent to > https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/ wit > h > version ID 42.0-17.1 > We had to adapt our tooling to comply with this new repository file. > > We faced the following error on section pgdg-common > > Failure talking to yum: failure: repodata/repomd.xml.asc from pgdg- > > common > > Searching on the internet, we managed to perform a workaround disabling > the > parameter `repo_gpgcheck` into the section pgdg-common. > > Hope it can help others, Actually please put that setting back. There was a sync issue which I fixed yesterday. repo_gpgcheck should be 1, per: https://people.planetpostgresql.org/devrim/index.php?/archives/113-CVE-2021-20271-and-PostgreSQL-YUMDNF-repo.html Regards, -- Devrim Gündüz Open Source Solution Architect, Red Hat Certified Engineer Twitter: @DevrimGunduz , @DevrimGunduzTR
Attachment
Re: [RPM/CentOS7] Need to disable repo_gpgcheck on pgdg-common when using RPM version 42.0-17.1
From
Thomas Boussekey
Date:
Hello,
Le ven. 7 mai 2021 à 13:55, Devrim Gündüz <devrim@gunduz.org> a écrit :
Hi,
On Thu, 2021-05-06 at 16:29 +0200, Thomas Boussekey wrote:
> >
> This morning, a new RPM version has been sent to
> https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/ wit
> h
> version ID 42.0-17.1
> We had to adapt our tooling to comply with this new repository file.
>
> We faced the following error on section pgdg-common
> > Failure talking to yum: failure: repodata/repomd.xml.asc from pgdg-
> > common
>
> Searching on the internet, we managed to perform a workaround disabling
> the
> parameter `repo_gpgcheck` into the section pgdg-common.
>
> Hope it can help others,
Actually please put that setting back. There was a sync issue which I
fixed yesterday. repo_gpgcheck should be 1, per:
https://people.planetpostgresql.org/devrim/index.php?/archives/113-CVE-2021-20271-and-PostgreSQL-YUMDNF-repo.html
I saw your blog article yesterday, nice job!
Yesterday, I didn't find the file `repomd.xml.asc` into the folder:
Now it is available!
I remove my workaround
Have a nice week-end,
Thomas
Regards,
--
Devrim Gündüz
Open Source Solution Architect, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR
Re: [RPM/CentOS7] Need to disable repo_gpgcheck on pgdg-common when using RPM version 42.0-17.1
From
Dhanisha
Date:
Hi, I also see a similar error while performing "yum install postgresql10-devel" yum-dump Repository Error: failure: repodata/repomd.xml from pgdg-common: [Errno 256] No more mirrors to try. https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-7-x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for pgdg-common I have not made any changes to /etc/yum.repos.d/pgdg-redhat-all.repo Regards, Dhanisha Phadate -- Sent from: https://www.postgresql-archive.org/PostgreSQL-general-f1843780.html
Re: [RPM/CentOS7] Need to disable repo_gpgcheck on pgdg-common when using RPM version 42.0-17.1
From
Devrim Gündüz
Date:
Hi, On Tue, 2021-05-11 at 15:42 -0700, Dhanisha wrote: > > I also see a similar error while performing "yum install > postgresql10-devel" > > yum-dump Repository Error: failure: repodata/repomd.xml from pgdg- > common: > [Errno 256] No more mirrors to try. > https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-7-x86_64/repodata/repomd.xml > : > [Errno -1] repomd.xml signature could not be verified for pgdg-common > > I have not made any changes to /etc/yum.repos.d/pgdg-redhat-all.repo yum clean metadata yum install postgresql10-devel Regards, -- Devrim Gündüz Open Source Solution Architect, Red Hat Certified Engineer Twitter: @DevrimGunduz , @DevrimGunduzTR
Attachment
Re: [RPM/CentOS7] Need to disable repo_gpgcheck on pgdg-common when using RPM version 42.0-17.1
From
Dhanisha
Date:
Hi Devrim, Thank you for your response. I have tried your suggestion, but the error is still present. I get below stack trace when I run 'yum update' or 'yum install' I have tried few more things 1. If I specify --nogpgcheck in yum install or remove pgdg-redhat-all.repo, the error goes away. 2. I have also specified their respective gpgkeys file. I don't think it's an issue with yum or the system at this point, as we can reproduce it on other systems. Sincerely, Dhanisha Phadate -- Sent from: https://www.postgresql-archive.org/PostgreSQL-general-f1843780.html
Re: [RPM/CentOS7] Need to disable repo_gpgcheck on pgdg-common when using RPM version 42.0-17.1
From
Thomas Boussekey
Date:
Hello all,
Yesterday, a new release of the RPM definition has been released, in order to integrate many cool updates: https://git.postgresql.org/gitweb/?p=pgrpms.git;a=summary
And at 10PM yesterday, we encountered a problem on the postgresql instance upgrades that were performed pointing to the previous RPM definition.
Using the latest tag is not in our team best practices.
Is it possible to keep the last 2 versions?
I made a quick search on the scripts contained into the GIT project: https://git.postgresql.org/gitweb/?p=pgrpms.git;a=summary, in order to see if it is possible, as it was defined in per-OS version until 2019 (search for pgdg-redhat-repo in https://download.postgresql.org/pub/repos/yum/9.5/redhat/rhel-7-x86_64/), but it looks difficult to handle (I got quickly lost in the multiple Makefiles).
Thanks in advance for your help,
Have a nice day,
Thomas B
Le jeu. 13 mai 2021 à 21:46, Dhanisha <dhanisha.phadate@schrodinger.com> a écrit :
Hi Devrim,
Thank you for your response.
I have tried your suggestion, but the error is still present.
I get below stack trace when I run 'yum update' or 'yum install'
I have tried few more things
1. If I specify --nogpgcheck in yum install or remove pgdg-redhat-all.repo,
the error goes away.
2. I have also specified their respective gpgkeys file.
I don't think it's an issue with yum or the system at this point, as we can
reproduce it on other systems.
Sincerely,
Dhanisha Phadate
--
Sent from: https://www.postgresql-archive.org/PostgreSQL-general-f1843780.html