Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EL9 does not support RPM SHA1 signatures anymore #51

Closed
Obihoernchen opened this issue Sep 30, 2022 · 9 comments
Closed

EL9 does not support RPM SHA1 signatures anymore #51

Obihoernchen opened this issue Sep 30, 2022 · 9 comments
Assignees
@gurevichmark
Milestone
2.16.5

Comments

@Obihoernchen
Copy link
Member

Obihoernchen commented Sep 30, 2022
edited
Loading

Hi,

EL9 based OS's changed their crypto policies and dropped support for SHA1 keys. Therefore, packages from xcat-dep can't be installed without allowing legacy SHA1 keys. Disabling GPG checks does not help in this case.

See: https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9

Trying to install xcat on x86-64 EL9 shows the following issues:

  package perl-HTTP-Async-0.30-2.noarch does not verify: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD
  package perl-Net-HTTPS-NB-0.14-2.noarch does not verify: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD
  package xnba-undi-1.21.1-1.noarch does not verify: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD
  package xCAT-genesis-base-x86_64-2:2.14.5-snap201811190037.noarch does not verify: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD
  package xCAT-genesis-base-ppc64-2:2.16.3-snap202110141642.noarch does not verify: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD
  package syslinux-xcat-3.86-2.noarch does not verify: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD
  package grub2-xcat-2.02-0.76.el7.1.snap201905160255.noarch does not verify: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD
  package goconserver-0.3.3-snap202011021058.x86_64 does not verify: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD
  package elilo-xcat-3.14-6.noarch does not verify: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD

Can you sign the RPMs with more up2date SHA-256 or SHA-512 instead?
In the future this issue will affect other distros, too.

Note: For testing purposes you may remove the key with: rpmsign --delsign <rpm>
@Obihoernchen Obihoernchen mentioned this issue Sep 30, 2022
Merged
@gurevichmark
Copy link
Contributor

@Obihoernchen What did you use to attempt to install xCAT ?
When I try to install individual xcat-dep RPMs signed with SHA1, it seems to work on my x86 RH9 VM:

[root@vm-1734 etc]# cat /etc/redhat-release
Red Hat Enterprise Linux release 9.0 (Plow)
[root@vm-1734 etc]#

[root@vm-1734 gurevich]# rpm -qa | grep "goconserver"
[root@vm-1734 gurevich]#

[root@vm-1734 gurevich]# rpm -qip ./goconserver-0.3.3-snap202011021058.x86_64.rpm | grep "Signature"
warning: ./goconserver-0.3.3-snap202011021058.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID ca548a47: NOKEY
Signature   : RSA/SHA1, Tue 17 Nov 2020 03:50:41 PM EST, Key ID 68583856ca548a47
[root@vm-1734 gurevich]#

[root@vm-1734 gurevich]# rpm -i ./goconserver-0.3.3-snap202011021058.x86_64.rpm
warning: ./goconserver-0.3.3-snap202011021058.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID ca548a47: NOKEY
[root@vm-1734 gurevich]#

[root@vm-1734 gurevich]# rpm -qa | grep "goconserver"
goconserver-0.3.3-snap202011021058.x86_64
[root@vm-1734 gurevich]#

@Obihoernchen
Copy link
Member Author

Obihoernchen commented Oct 8, 2022
edited
Loading

@gurevichmark I'm using dnf, but rpm does not work either.
I just retested with a fresh Rocky Linux 9 container (previously I was using AlmaLinux 9) and it shows the same issue.
Are you sure you are using the latest updates?
The official documentation clearly states that SHA1 is not supported anymore.

❯ podman run -it rockylinux:9 /bin/bash
Resolved "rockylinux" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/rockylinux:9...
Getting image source signatures
Copying blob 6cd61d51950e done
Copying config dd89c878aa done
Writing manifest to image destination
Storing signatures
[root@211b6bb936a7 /]# curl -o /etc/yum.repos.d/xcat-dep.repo http://xcat.org/files/xcat/repos/yum/xcat-dep/rh8/x86_64/xcat-dep.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   209  100   209    0     0    710      0 --:--:-- --:--:-- --:--:--   710
[root@211b6bb936a7 /]# dnf install goconserver
Rocky Linux 9 - AppStream                                                               167 kB/s | 6.0 MB     00:36
Rocky Linux 9 - Extras                                                                  5.0 kB/s | 6.6 kB     00:01
xCAT 2 depedencies                                                                      140 kB/s | 148 kB     00:01
Dependencies resolved.
======================================================================================================================== Package                    Architecture          Version                                 Repository               Size
========================================================================================================================Installing:
 goconserver                x86_64                0.3.3-snap202011021058                  xcat-dep                7.8 M

Transaction Summary
========================================================================================================================Install  1 Package

Total download size: 7.8 M
Installed size: 26 M
Is this ok [y/N]: y
Downloading Packages:
goconserver-0.3.3-snap202011021058.x86_64.rpm                                           4.7 MB/s | 7.8 MB     00:01
------------------------------------------------------------------------------------------------------------------------Total                                                                                   4.7 MB/s | 7.8 MB     00:01
retrieving repo key for xcat-dep unencrypted from http://xcat.org/files/xcat/repos/yum/xcat-dep/rh8/x86_64/repodata/repomd.xml.key
xCAT 2 depedencies                                                                       11 kB/s | 3.2 kB     00:00
Importing GPG key 0xCA548A47:
 Userid     : "xCAT Automatic Signing Key <[email protected]>"
 Fingerprint: F2A2 306F 7EB3 3463 487F 7B84 6858 3856 CA54 8A47
 From       : http://xcat.org/files/xcat/repos/yum/xcat-dep/rh8/x86_64/repodata/repomd.xml.key
Is this ok [y/N]: y
Key imported successfully
Import of key(s) didn't help, wrong key(s)?
Problem opening package goconserver-0.3.3-snap202011021058.x86_64.rpm. Failing package is: goconserver-0.3.3-snap202011021058.x86_64
 GPG Keys are configured as: http://xcat.org/files/xcat/repos/yum/xcat-dep/rh8/x86_64/repodata/repomd.xml.key
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
[root@211b6bb936a7 /]#

Does not work without GPG check either

[root@211b6bb936a7 /]# dnf --nogpgcheck install goconserver
Last metadata expiration check: 0:06:58 ago on Sat Oct  8 11:18:01 2022.
Dependencies resolved.
========================================================================================================================
 Package                    Architecture          Version                                 Repository               Size
========================================================================================================================
Installing:
 goconserver                x86_64                0.3.3-snap202011021058                  xcat-dep                7.8 M

Transaction Summary
========================================================================================================================
Install  1 Package

Total size: 7.8 M
Installed size: 26 M
Is this ok [y/N]: y
Downloading Packages:
[SKIPPED] goconserver-0.3.3-snap202011021058.x86_64.rpm: Already downloaded
Running transaction check
Transaction check succeeded.
Running transaction test
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Transaction test error:
  package goconserver-0.3.3-snap202011021058.x86_64 does not verify: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD
[root@211b6bb936a7 /]#

rpm does not work, too.

[root@211b6bb936a7 /]# curl -O https://xcat.org/files/xcat/repos/yum/xcat-dep/rh8/x86_64/goconserver-0.3.3-snap202011021058.x86_64.rpm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 7946k  100 7946k    0     0  4292k      0  0:00:01  0:00:01 --:--:-- 4290k
[root@211b6bb936a7 /]# rpm -ihv goconserver-0.3.3-snap202011021058.x86_64.rpm
error: goconserver-0.3.3-snap202011021058.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD
error: goconserver-0.3.3-snap202011021058.x86_64.rpm cannot be installed
[root@211b6bb936a7 /]#

It works if you enable SHA1 (not recommended)

[root@211b6bb936a7 /]# dnf install crypto-policies-scripts
[root@211b6bb936a7 /]# update-crypto-policies --show
DEFAULT
[root@211b6bb936a7 /]# rpm -qi crypto-policies
Name        : crypto-policies
Version     : 20220223
Release     : 1.git5203b41.el9_0.1
Architecture: noarch
Install Date: Wed Jul 20 14:11:45 2022
Group       : Unspecified
Size        : 84496
License     : LGPLv2+
Signature   : RSA/SHA256, Thu May 26 11:09:49 2022, Key ID 702d426d350d275d
Source RPM  : crypto-policies-20220223-1.git5203b41.el9_0.1.src.rpm
Build Date  : Thu May 26 11:07:41 2022
Build Host  : pb-913c6734-786b-424e-a5f3-17a9b188adca-b-noarch
Packager    : Rocky Linux Build System (Peridot) <[email protected]>
Vendor      : Rocky Enterprise Software Foundation
URL         : https://gitlab.com/redhat-crypto/fedora-crypto-policies
Summary     : System-wide crypto policies
Description :
This package provides pre-built configuration files with
cryptographic policies for various cryptographic back-ends,
such as SSL/TLS libraries.
[root@211b6bb936a7 /]# update-crypto-policies --set DEFAULT:SHA1
Setting system policy to DEFAULT:SHA1
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
[root@211b6bb936a7 /]# dnf install goconserver
Last metadata expiration check: 0:08:19 ago on Sat Oct  8 11:18:01 2022.
Dependencies resolved.
========================================================================================================================
 Package                    Architecture          Version                                 Repository               Size
========================================================================================================================
Installing:
 goconserver                x86_64                0.3.3-snap202011021058                  xcat-dep                7.8 M

Transaction Summary
========================================================================================================================
Install  1 Package

Total download size: 7.8 M
Installed size: 26 M
Is this ok [y/N]: y
Downloading Packages:
goconserver-0.3.3-snap202011021058.x86_64.rpm                                           4.7 MB/s | 7.8 MB     00:01
------------------------------------------------------------------------------------------------------------------------
Total                                                                                   4.7 MB/s | 7.8 MB     00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                1/1
  Installing       : goconserver-0.3.3-snap202011021058.x86_64                                                      1/1
  Running scriptlet: goconserver-0.3.3-snap202011021058.x86_64                                                      1/1
  Verifying        : goconserver-0.3.3-snap202011021058.x86_64                                                      1/1

Installed:
  goconserver-0.3.3-snap202011021058.x86_64

Complete!
[root@211b6bb936a7 /]#

@gurevichmark
Copy link
Contributor

@Obihoernchen

  • Have you tried it on the RedHat EL9?
  • You said "Are you sure you are using the latest updates?" Are there specific updates you think might affect this ?
  • I have rebuilt goconserver with SHA256 and stored it on xcat.org in /files/xcat/xcat-dep/2.x_Linux/beta Can you try it on your Rocky Linux or AlmaLinux ?
[gurevich@c910loginx02 x86_64]$ rpm -qpi goconserver-0.3.3-snap202011021058.x86_64.rpm
warning: goconserver-0.3.3-snap202011021058.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID ca548a47: NOKEY
Name        : goconserver
Version     : 0.3.3
Release     : snap202011021058
Architecture: x86_64
Install Date: (not installed)
Group       : Applications/System
Size        : 27704155
License     : EPL
Signature   : RSA/SHA256, Wed 05 Oct 2022 03:50:09 PM EDT, Key ID 68583856ca548a47
Source RPM  : goconserver-0.3.3-snap202011021058.src.rpm
Build Date  : Mon 02 Nov 2020 10:58:17 AM EST
Build Host  : c910f04x12v02
Relocations : /
Packager    : IBM Corp.
Vendor      : IBM Corp.
URL         : https://github.com/xcat2/goconserver/
Summary     : Independent tool to provide terminal session service.
Description :
goconserver is written in golang and is a part of microservice of xCAT. It can work as a independent tool to provide the terminal session service. Terminal session could run in the background and help log the terminal content.
[gurevich@c910loginx02 x86_64]$

@Obihoernchen
Copy link
Member Author

Obihoernchen commented Oct 12, 2022
edited
Loading

Yes very same issue on RedHat 9 with latest upgrades.
No idea what update might cause this, but Alma, Rocky, Red Hat is all the same.

[root@localhost ~]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="9.0 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.0"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.0 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/9/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.0
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.0"
[root@localhost ~]# update-crypto-policies --show
DEFAULT
[root@localhost ~]# dnf install goconserver
Updating Subscription Management repositories.
Last metadata expiration check: 0:14:05 ago on Wed 12 Oct 2022 04:42:18 PM CEST.
Dependencies resolved.
========================================================================================================================
 Package                    Architecture          Version                                 Repository               Size
========================================================================================================================
Installing:
 goconserver                x86_64                0.3.3-snap202011021058                  xcat-dep                7.8 M

Transaction Summary
========================================================================================================================
Install  1 Package

Total size: 7.8 M
Installed size: 26 M
Is this ok [y/N]: y
Downloading Packages:
[SKIPPED] goconserver-0.3.3-snap202011021058.x86_64.rpm: Already downloaded                                            
Problem opening package goconserver-0.3.3-snap202011021058.x86_64.rpm
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
[root@localhost ~]# dnf install --nogpgcheck goconserver
Updating Subscription Management repositories.
Last metadata expiration check: 0:14:09 ago on Wed 12 Oct 2022 04:42:18 PM CEST.
Dependencies resolved.
========================================================================================================================
 Package                    Architecture          Version                                 Repository               Size
========================================================================================================================
Installing:
 goconserver                x86_64                0.3.3-snap202011021058                  xcat-dep                7.8 M

Transaction Summary
========================================================================================================================
Install  1 Package

Total size: 7.8 M
Installed size: 26 M
Is this ok [y/N]: y
Downloading Packages:
[SKIPPED] goconserver-0.3.3-snap202011021058.x86_64.rpm: Already downloaded                                            
Running transaction check
Transaction check succeeded.
Running transaction test
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Transaction test error:
  package goconserver-0.3.3-snap202011021058.x86_64 does not verify: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD

Your new packages works fine:

[root@localhost ~]# dnf install https://xcat.org//files/xcat/xcat-dep/2.x_Linux/beta/goconserver-0.3.3-snap202011021058.x86_64.rpm
Updating Subscription Management repositories.
Last metadata expiration check: 0:17:33 ago on Wed 12 Oct 2022 04:42:18 PM CEST.
goconserver-0.3.3-snap202011021058.x86_64.rpm                                           3.3 MB/s | 7.8 MB     00:02    
Dependencies resolved.
========================================================================================================================
 Package                   Architecture         Version                                Repository                  Size
========================================================================================================================
Installing:
 goconserver               x86_64               0.3.3-snap202011021058                 @commandline               7.8 M

Transaction Summary
========================================================================================================================
Install  1 Package

Total size: 7.8 M
Installed size: 26 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                1/1 
  Installing       : goconserver-0.3.3-snap202011021058.x86_64                                                      1/1 
  Running scriptlet: goconserver-0.3.3-snap202011021058.x86_64                                                      1/1 
  Verifying        : goconserver-0.3.3-snap202011021058.x86_64                                                      1/1 
Installed products updated.

Installed:
  goconserver-0.3.3-snap202011021058.x86_64                                                                             

Complete!
[root@localhost ~]# rpm -qi goconserver-0.3.3-snap202011021058.x86_64
Name        : goconserver
Version     : 0.3.3
Release     : snap202011021058
Architecture: x86_64
Install Date: Wed 12 Oct 2022 04:59:56 PM CEST
Group       : Applications/System
Size        : 27704155
License     : EPL
Signature   : RSA/SHA256, Wed 05 Oct 2022 09:50:09 PM CEST, Key ID 68583856ca548a47
Source RPM  : goconserver-0.3.3-snap202011021058.src.rpm
Build Date  : Mon 02 Nov 2020 04:58:17 PM CET
Build Host  : c910f04x12v02
Relocations : / 
Packager    : IBM Corp.
Vendor      : IBM Corp.
URL         : https://github.com/xcat2/goconserver/
Summary     : Independent tool to provide terminal session service.
Description :
goconserver is written in golang and is a part of microservice of xCAT. It can work as a independent tool to provide the terminal session service. Terminal session could run in the background and help log the terminal content.

@gurevichmark
Copy link
Contributor

@Obihoernchen
Glad to see the resigned SHA256 package works for you.

One thing I can see, is the difference between NOKEY I get and BAD you get:

[root@vm-170 tmp]# rpm -ihv goconserver-0.3.3-snap202011021058.x86_64.rpm
warning: goconserver-0.3.3-snap202011021058.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID ca548a47: NOKEY
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:goconserver-0.3.3-snap20201102105################################# [100%]
[root@vm-170 tmp]#

[root@211b6bb936a7 /]# rpm -ihv goconserver-0.3.3-snap202011021058.x86_64.rpm
error: goconserver-0.3.3-snap202011021058.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD
error: goconserver-0.3.3-snap202011021058.x86_64.rpm cannot be installed
[root@211b6bb936a7 /]#
  • Do you have any public keys installed ? What do you get running something like this:
[root@vm-170 tmp]# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
gpg-pubkey-fd431d51-4ae0493b --> Red Hat, Inc. (release key 2) <[email protected]> public key
gpg-pubkey-5a6340b3-6229229e --> Red Hat, Inc. (auxiliary key 3) <[email protected]> public key
[root@vm-170 tmp]#
  • Does the original SHA1 goconserver installs for you, if you use --nosignature flag ?
[root@vm-170 tmp]# rpm -ihv --nosignature goconserver-0.3.3-snap202011021058.x86_64.rpm
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:goconserver-0.3.3-snap20201102105################################# [100%]
[root@vm-170 tmp]#

@Obihoernchen
Copy link
Member Author

Obihoernchen commented Oct 13, 2022
edited
Loading

Just the xcat key from xcat-dep (automatically imported by dnf):

[root@localhost ~]# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
gpg-pubkey-fd431d51-4ae0493b --> Red Hat, Inc. (release key 2) <[email protected]> public key
gpg-pubkey-5a6340b3-6229229e --> Red Hat, Inc. (auxiliary key 3) <[email protected]> public key
gpg-pubkey-ca548a47-5b2c830b --> xCAT Automatic Signing Key <[email protected]> public key

Looks like this is causing the difference:

[root@localhost ~]# rpm -e gpg-pubkey-ca548a47-5b2c830b
[root@localhost ~]# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
gpg-pubkey-fd431d51-4ae0493b --> Red Hat, Inc. (release key 2) <[email protected]> public key
gpg-pubkey-5a6340b3-6229229e --> Red Hat, Inc. (auxiliary key 3) <[email protected]> public key
[root@localhost ~]# rpm -Uhv --force goconserver-0.3.3-snap202011021058.x86_64.sha1.rpm
warning: goconserver-0.3.3-snap202011021058.x86_64.sha1.rpm: Header V4 RSA/SHA1 Signature, key ID ca548a47: NOKEY
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:goconserver-0.3.3-snap20201102105################################# [ 50%]
Cleaning up / removing...
   2:goconserver-0.3.3-snap20201102105################################# [100%]
[root@localhost ~]#

For reference with installed xCAT GPG Key:

[root@localhost ~]# rpm -Uhv goconserver-0.3.3-snap202011021058.x86_64.sha1.rpm
error: goconserver-0.3.3-snap202011021058.x86_64.sha1.rpm: Header V4 RSA/SHA1 Signature, key ID ca548a47: BAD
error: goconserver-0.3.3-snap202011021058.x86_64.sha1.rpm cannot be installed
[root@localhost ~]# rpm -Uhv --nosignature goconserver-0.3.3-snap202011021058.x86_64.sha1.rpm
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
	package goconserver-0.3.3-snap202011021058.x86_64 is already installed
[root@localhost ~]# rpm -Uhv goconserver-0.3.3-snap202011021058.x86_64.sha256.rpm 
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
	package goconserver-0.3.3-snap202011021058.x86_64 is already installed
[root@localhost ~]# rpm -Uhv --nosignature goconserver-0.3.3-snap202011021058.x86_64.sha256.rpm
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
	package goconserver-0.3.3-snap202011021058.x86_64 is already installed
[root@localhost ~]#

@gurevichmark gurevichmark self-assigned this Oct 13, 2022
@gurevichmark gurevichmark added this to the 2.16.5 milestone Oct 13, 2022
@gurevichmark
Copy link
Contributor

@Obihoernchen
You said "Just the xcat key from xcat-dep (automatically imported by dnf)". Did you use go-xcat to install xCAT on your EL9 system or dnf to install individual RPM ? If dnf, any special flags for importing xcat key ?

@Obihoernchen
Copy link
Member Author

Just the xcat-dep repo file:

https://xcat.org/files/xcat/repos/yum/xcat-dep/rh8/x86_64/xcat-dep.repo

Then dnf install goconserver and dnf will ask you to import the key.

@gurevichmark gurevichmark mentioned this issue Oct 14, 2022
Merged
@gurevichmark
Copy link
Contributor

Fixed by xcat2/xcat-core#7262

xcat-dep RPMs signed with SHA256 are now at https://www.xcat.org/files/xcat/repos/yum/devel/xcat-dep/rh9/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gurevichmark gurevichmark

Labels
None yet
Projects
None yet
Milestone
2.16.5
Development

No branches or pull requests
2 participants
@Obihoernchen @gurevichmark