Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fedora template: work to get metadata signing in place #6434

Open
DemiMarie opened this issue Mar 1, 2021 · 2 comments
Open

Fedora template: work to get metadata signing in place #6434

DemiMarie opened this issue Mar 1, 2021 · 2 comments
Labels
C: Fedora P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. security This issue pertains to the security of Qubes OS. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.

Comments

@DemiMarie
Copy link

Qubes OS version (if applicable)
Qubes release 4.0 (R4.0)

Affected component(s) or functionality (if applicable)
Fedora templates

Brief summary
We should work with Fedora to get them to sign their metadata. This is likely blocked on the stabilization of DNF 5, as DNF 4 has numerous bugs regarding metadata signing.

Additional context
There was an RCE in librepo that this would have mitigated. As per rpm-software-management/librepo#231 (comment) the issues in DNF are unlikely to be fixed in DNF 4.

Relevant documentation you've consulted

Related, non-duplicate issues
#6177 tracked signing of metadata for QubesOS.
@DemiMarie DemiMarie added T: task Type: task. An action item that is neither a bug nor an enhancement. P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. labels Mar 1, 2021
@andrewdavidwong andrewdavidwong added T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. C: Fedora security This issue pertains to the security of Qubes OS. and removed T: task Type: task. An action item that is neither a bug nor an enhancement. labels Mar 2, 2021
@andrewdavidwong andrewdavidwong added this to the TBD milestone Mar 2, 2021
@adrelanos
Copy link
Member

References I've found:

What is the latest status of this?

@DemiMarie
Copy link
Author

Robosignatory has full support now. I have a draft PR for pungi and koji support has not started.

It isn’t that difficult, but it is another thing on my to-do list. It’s all Python scripting, so it should not be too hard for someone else to help.

@andrewdavidwong andrewdavidwong removed this from the Release TBD milestone Aug 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C: Fedora P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. security This issue pertains to the security of Qubes OS. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@adrelanos @DemiMarie @andrewdavidwong