[libvirt] Broken OpenVZ RPM deps on CentOS 7 (Re: [jenkins-ci PATCH v2 1/3] guests: add openvz repository on) CentOS 7
Daniel P. Berrangé
berrange at redhat.com
Mon Dec 9 10:40:04 UTC 2019
CC'ing Nikolay on this to raise the issue of broken deps in the OpenVZ
repo for CentOS 7 & incorrectly documented GPG keys ...
On Fri, Dec 06, 2019 at 06:53:38PM +0000, Daniel P. Berrangé wrote:
> The OpenVZ site provides a yum repo built against RHEL-7 that includes
> the prlsdk-devel RPM needed for the VZ driver. This repo has quite alot
> of packages that replace stuff from standard RHEL repos, so the yum
> config file is set to whitelist only the minimal RPMs we need to do
> builds. Fortunately they have no deps which would cause replacement of
> standard RHEL RPMs.
>
> Note this does not use the latest OpenVZ repo link, since that currently
> has broken dependencies present
Originally I was using this URL for yum:
https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/
Which results in this broken dep at install time:
> Error: Package: libprlcommon-7.0.183-1.vz7.x86_64 (vz)
> Requires: libjson-c.so.2(libjson-c.so.2)(64bit)
>
> The Requires line ought to be
>
> libjson-c.so.2()(64bit)
This appears to be a recent problem from the Dec 4th release of
openvz-7.0.12-283 - the previous openvz-7.0.11-235 has correctly
resolving deps.
The other issue that I forgot to mention is that the GPG keys used for
signing the RPMs on download.openvz.org are incorrectly / misleadingly
documented.
In the README at:
https://download.openvz.org/
it documents & links to https://download.openvz.org/RPM-GPG-Key-OpenVZ
saying this is used to sign RPMs on download.openvz.org
This doc is repeated at https://wiki.openvz.org/Package_signatures
That key has key ID a7a1d4b6 as identified as
"OpenVZ Project <security at openvz.org>"
This documentation is all wrong though, as this key is not used
to sign the RPMs for CentOS7 at least
The RPMs in
https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/
at signed by key with ID 44cdad2a. It took me a long time to find
this key, but eventually I discovered a link to it from
https://docs.virtuozzo.com/keys/
Section 2, 2. Virtuozzo 7, Virtuozzo Automator 7, and Virtuozzo
PowerPanel Signing Key
https://docs.virtuozzo.com/keys/VIRTUOZZO_GPG_KEY
which identifies itself as "Virtuozzo Team (GPG key signature
for packages) <security at virtuozzo.com>"
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list