[libvirt] Broken OpenVZ RPM deps on CentOS 7 (Re: [jenkins-ci PATCH v2 1/3] guests: add openvz repository on) CentOS 7

Daniel P. Berrangé berrange at redhat.com
Mon Dec 9 10:40:04 UTC 2019

CC'ing Nikolay on this to raise the issue of broken deps in the OpenVZ
repo for CentOS 7 & incorrectly documented GPG keys ...

On Fri, Dec 06, 2019 at 06:53:38PM +0000, Daniel P. Berrangé wrote:
> The OpenVZ site provides a yum repo built against RHEL-7 that includes
> the prlsdk-devel RPM needed for the VZ driver. This repo has quite alot
> of packages that replace stuff from standard RHEL repos, so the yum
> config file is set to whitelist only the minimal RPMs we need to do
> builds. Fortunately they have no deps which would cause replacement of
> standard RHEL RPMs.
> Note this does not use the latest OpenVZ repo link, since that currently
> has broken dependencies present

Originally I was using this URL for yum:


Which results in this broken dep at install time:

> Error: Package: libprlcommon-7.0.183-1.vz7.x86_64 (vz)
>            Requires: libjson-c.so.2(libjson-c.so.2)(64bit)
> The Requires line ought to be
>    libjson-c.so.2()(64bit)

This appears to be a recent problem from the Dec 4th release of
openvz-7.0.12-283 - the previous openvz-7.0.11-235 has correctly
resolving deps.

The other issue that I forgot to mention is that the GPG keys used for
signing the RPMs on download.openvz.org are incorrectly / misleadingly

In the README at:


it documents & links to https://download.openvz.org/RPM-GPG-Key-OpenVZ
saying this is used to sign RPMs on download.openvz.org

This doc is repeated at https://wiki.openvz.org/Package_signatures

That key has key ID a7a1d4b6 as identified as
"OpenVZ Project <security at openvz.org>"

This documentation is all wrong though, as this key is not used
to sign the RPMs for CentOS7 at least

The RPMs in


at signed by key with ID 44cdad2a. It took me a long time to find
this key, but eventually I discovered a link to it from


Section 2, 2. Virtuozzo 7, Virtuozzo Automator 7, and Virtuozzo
PowerPanel Signing Key


which identifies itself as "Virtuozzo Team (GPG key signature 
for packages) <security at virtuozzo.com>"

|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list