[BUG REPORT] openSUSE zypper failure with all gpg versions > 2.2.6
James Bottomley
James.Bottomley at HansenPartnership.com
Fri Mar 27 20:37:00 CET 2020
On Thu, 2020-03-26 at 09:57 -0700, James Bottomley via Gnupg-devel
wrote:
> On Thu, 2020-03-26 at 09:44 -0400, Daniel Kahn Gillmor wrote:
[...]
> > Also, you say that zypper works if you revert this patch. have you
> > tested this "working" configuration against a deliberately tampered
> > message body? To test that it is working, it's best to verify both
> > that a valid message is accepted *and* that a tampered message is
> > rejected.
>
> I can check ... I just have to set up a corrupt repo, hang on.
OK, I've created a repo under my control and pointed zypper to it and
verified it works OK. Corrupting the repomd.xml file to cause the
signature to fail gets a warning message from zypper and signing it
with a different key also gets a message asking me to accept the new
key, so I think its operating correctly with the patch reverted.
James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20200327/0ab4dd63/attachment.sig>
More information about the Gnupg-devel
mailing list