request #11338 Package signing in Tuleap build pipeline can success even if some packages have not been signed

Artifact

Infos

Artifact ID#11338

Submitted byThomas Gerbet (tgerbet)

Last Modified On2018-04-30 11:12

Submitted on2018-04-03 13:25

Rank11667

Details

Summary *

Package signing in Tuleap build pipeline can success even if some packages have not been signed

Original Submission

The signing packages step in the Tuleap build pipeline can success even if some packages has not been signed. This is an issue because it means that non signed packages can be published into the Tuleap repositories which is going to broke update/install processes.

This is due to an issue in rpm-sign [0] so the signing packages step should check if all the packages have at least one signature.

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1419590

CategoryOther

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toEmpty

StatusClosed

Close date2018-04-30

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #11242	Tuleap	Releases	10.1	Delivered	2018-23-05 11:30	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #11338

Git commit

tuleap/tools/sign-packages-repositories

Check that packages have changed after the signature (which means they probably have been signed) 13b39da306

Thomas Gerbet (tgerbet) , 2018-04-30 11:11

Show items referenced by request #11338

Referenced by request #11338

Artifact Tracker v5

rel #11242 10.1

Follow-ups

Thomas Gerbet (tgerbet)

2018-04-30 11:12

git #tools/sign-packages-repositories/13b39da30674a846a32a62a70f7ac39703672bfc solves the issue. If no modifications are detected after the signing, the packages is considered unsigned the process exit with an error code.

Status changed from Verified to Closed
Connected artifacts
- Added Fixed in: rel #11242
Close date set to 2018-04-30