sgabios SRPM in CentOS 7 Sources repo signed with VirtSIG instead of CentOS7 key

Support for security such as Firewalls and securing linux
Post Reply
olagarde
Posts: 3
Joined: 2019/09/30 19:51:31

sgabios SRPM in CentOS 7 Sources repo signed with VirtSIG instead of CentOS7 key

Post by olagarde » 2020/04/22 14:58:11

Package sgabios-0.20110622svn-4.el7.src.rpm in the CentOS 7 Sources repo is signed with the Virt SIG while the other 2,753 srpms are signed with the CentOS 7 official signing key. The CentOS 7 Sources repodef also specifies RPM-GPG-KEY-CentOS-7, not RPM-GPG-KEY-CentOS-SIG-Virtualization. Is this package signed with the wrong key, or maybe placed in the wrong SRPM repo?

hughesjr
Site Admin
Posts: 251
Joined: 2004/12/05 01:51:26
Location: Corpus Christi, Texas, USA
Contact:

Re: sgabios SRPM in CentOS 7 Sources repo signed with VirtSIG instead of CentOS7 key

Post by hughesjr » 2020/04/22 15:29:55

OK .. i fixed this in the 7.8.2003 tree. It seems the virt sig also also built the same ENVR (they shouild not do that) .. and when moving during a point release we got the wrong srpm as they have the same name.

Once we release 7.8.2003 (in the next few days) it will be fixed.

olagarde
Posts: 3
Joined: 2019/09/30 19:51:31

Re: sgabios SRPM in CentOS 7 Sources repo signed with VirtSIG instead of CentOS7 key

Post by olagarde » 2020/04/22 21:33:20

Will update 7.7.1908 --> 7.8.2003 this end next week & confirm, thanks!

Post Reply

Return to “CentOS 7 - Security Support”