Hi All,
I’m from the Artifactory Team. We usually validate with Fedora images to ensure compliance with the latest changes, and I’ve observed an issue recently.
Test Case
The test case involves enabling the repo_gpgcheck flag and installing a package from Artifactory. The steps we follow are:
yum update -y && yum install -y curl info && dnf install -y --skip-broken dnf-utils libxcrypt-compat gzip
yum update -y dnf-data && rm -rf /etc/yum.repos.d/ fedora*
mkdir -p /etc/yum.repos.d
vi /etc/yum.repos.d/artifactory.repo
yum install -y vche
Contents of artifactory.repo File
[root@d2e444d86f12 /]# cat /etc/yum.repos.d/artifactory.repo
[Artifactory-Local]
name=Artifactory-Local
#baseurl=http://artifactory:8081/artifactory/yum-local-f1ep9itkdz
baseurl=https://admin:<access Token>@jfrtpit710x257673.jfrogdev.org/artifactory/yum-local-f1ep9itkdz
enabled=1
gpgcheck=0
gpgkey=https://admin:<password>@jfrtpit710x257673.jfrogdev.org/artifactory/yum-local-f1ep9itkdz/repodata/repomd.xml.key
group=MyGroup
repo_gpgcheck=1
In Fedora 41 Image stored in our Artifactory
In the Fedora 41 image stored in our Artifactory, when I tried to install the vche package, it threw a warning and proceeded with the installation. Please find the logs below:
[root@9fccccc16d73 /]# yum install -y vche
Updating and loading repositories:
Artifactory-Local 100% | 2.0 KiB/s | 1.3 KiB | 00m01s
>>> Librepo error: repomd.xml GPG signature verification error: Signing key not found
https://admin:password@jfrtpit710x257673.jfrogdev.org/artifactory/yum-local-f1ep9itkdz/repodata/repomd.xml.key 100% | 4.2 KiB/s | 1.8 KiB | 00m00s
Importing PGP key 0x1A9049D0:
Fingerprint: 31C0FB043764831A0BFA388500DD8D921A9049D0
From : https://admin:password@jfrtpit710x257673.jfrogdev.org/artifactory/yum-local-f1ep9itkdz/repodata/repomd.xml.key
The key was successfully imported.
Artifactory-Local 100% | 2.2 KiB/s | 2.1 KiB | 00m01s
Repositories loaded.
Package Arch Version Repository Size
Installing:
vche x86_64 1.7.2-1.el5.rf Artifactory-Local 159.7 KiB
Transaction Summary:
Installing: 1 package
Total size of inbound packages is 63 KiB. Need to download 63 KiB.
After this operation, 160 KiB extra will be used (install 160 KiB, remove 0 B).
[1/1] vche-0:1.7.2-1.el5.rf.x86_64 100% | 40.9 KiB/s | 63.4 KiB | 00m02s
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[1/1] Total 100% | 40.5 KiB/s | 63.4 KiB | 00m02s
Running transaction
[1/3] Verify package files 100% | 0.0 B/s | 1.0 B | 00m00s
[2/3] Prepare transaction 100% | 83.0 B/s | 1.0 B | 00m00s
[3/3] Installing vche-0:1.7.2-1.el5.rf.x86_64 100% | 4.4 MiB/s | 162.0 KiB | 00m00s
Warning: skipped PGP checks for 1 package from repository: Artifactory-Local
Complete!
[root@9fccccc16d73 /]# cat /etc/yum.repos.d/artifactory.repo
[Artifactory-Local]
name=Artifactory-Local
#baseurl=http://artifactory:8081/artifactory/yum-local-f1ep9itkdz
baseurl=https://admin:cmVmdGtuOjAxOjE3NzM3OTcwMzE6dHdReUpnYVlIUzl0QU1tbkpEQ2dtSnZ3bHNa@jfrtpit710x257673.jfrogdev.org/artifactory/yum-local-f1ep9itkdz
enabled=1
gpgcheck=0
gpgkey=https://admin:password@jfrtpit710x257673.jfrogdev.org/artifactory/yum-local-f1ep9itkdz/repodata/repomd.xml.key
group=MyGroup
repo_gpgcheck=1
[root@9fccccc16d73 /]# yum info vche
Updating and loading repositories:
Repositories loaded.
Installed packages
Name : vche
Epoch : 0
Version : 1.7.2
Release : 1.el5.rf
Architecture : x86_64
Installed size : 159.7 KiB
Source : vche-1.7.2-1.el5.rf.src.rpm
From repository : Artifactory-Local
Summary : Virtual console hex editor
URL : http://www.grigna.com/diego/linux/vche/
License : GPL
Description : vche is an ncurses hex editor that lets you edit hard drives, cdroms, RAM,
: and everything else that can be read.
Vendor : Dag Apt Repository, http://dag.wieers.com/apt/
[root@9fccccc16d73 /]# cat /etc/fedora-release
Fedora release 41 (Forty One)
Issue with Fresh Fedora 41 Image
However, if I pull the Fedora 41 image from Docker registry and try to follow similar steps, I’m getting the following error:
[root@564693f7122b /]# yum install -y vche
Updating and loading repositories:
Artifactory-Local 100% | 3.2 KiB/s | 1.3 KiB | 00m00s
>>> Librepo error: repomd.xml GPG signature verification error: Signing key not found
Repositories loaded.
Failed to resolve the transaction:
No match for argument: vche
You can try to add to command line:
--skip-unavailable to skip unavailable packages
Successful Installation in Fedora 40 Image
When I tried the same steps in a Fedora 40 image from Docker registry, it successfully installs the package:
[root@4e7f92c2f856 /]# yum install -y vche
Updating and loading repositories:
Artifactory-Local 603 B/s | 301 B 00:00
Artifactory-Local 9.1 kB/s | 1.8 kB 00:00
Importing GPG key 0x1A9049D0:
Userid : ""
Fingerprint: 31C0 FB04 3764 831A 0BFA 3885 00DD 8D92 1A90 49D0
From : https://admin:password@jfrtpit710x257673.jfrogdev.org/artifactory/yum-local-f1ep9itkdz/repodata/repomd.xml.key
Artifactory-Local 1.4 kB/s | 840 B 00:00
Dependencies resolved.
=====================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=====================================================================================================================================================================================================================================================
Installing:
vche x86_64 1.7.2-1.el5.rf Artifactory-Local 63 k
Transaction Summary
=====================================================================================================================================================================================================================================================
Install 1 Package
Total download size: 63 k
Installed size: 160 k
Downloading Packages:
vche-1.7.2-1.el5.rf.x86_64.rpm 235 kB/s | 63 kB 00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 231 kB/s | 63 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : vche-1.7.2-1.el5.rf.x86_64 1/1
Installed:
vche-1.7.2-1.el5.rf.x86_64
Complete!
Summary
Please note that I have tried the same artifactory.repo configuration and installation of the same package in all the above scenarios.
last Friday (March 14) morning also this scenario passed on the latest fedora image. we have observed this issue in our saturday nightly run.
Please let me know how to resolve this issue