•  
      request #11338 Package signing in Tuleap build pipeline can success even if some packages have not been signed
    Infos
    #11338
    Thomas Gerbet (tgerbet)
    2018-04-30 11:12
    2018-04-03 13:25
    11670
    Details
    Package signing in Tuleap build pipeline can success even if some packages have not been signed
    The signing packages step in the Tuleap build pipeline can success even if some packages has not been signed. This is an issue because it means that non signed packages can be published into the Tuleap repositories which is going to broke update/install processes.

    This is due to an issue in rpm-sign [0] so the signing packages step should check if all the packages have at least one signature.


    [0] https://bugzilla.redhat.com/show_bug.cgi?id=1419590
    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2018-04-30
    Attachments
    Empty
    References
    Referencing request #11338
    Referenced by request #11338

    Artifact Tracker v5

    rel #11242 10.1

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2018-04-27 09:51
    Repositories are currently broken because the signing fails but everything look fine during the build. A proper check after the signing needs to be done.