CC'ing Nikolay on this to raise the issue of broken deps in the OpenVZ repo for CentOS 7 & incorrectly documented GPG keys ... On Fri, Dec 06, 2019 at 06:53:38PM +0000, Daniel P. Berrangé wrote: > The OpenVZ site provides a yum repo built against RHEL-7 that includes > the prlsdk-devel RPM needed for the VZ driver. This repo has quite alot > of packages that replace stuff from standard RHEL repos, so the yum > config file is set to whitelist only the minimal RPMs we need to do > builds. Fortunately they have no deps which would cause replacement of > standard RHEL RPMs. > > Note this does not use the latest OpenVZ repo link, since that currently > has broken dependencies present Originally I was using this URL for yum: https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/ Which results in this broken dep at install time: > Error: Package: libprlcommon-7.0.183-1.vz7.x86_64 (vz) > Requires: libjson-c.so.2(libjson-c.so.2)(64bit) > > The Requires line ought to be > > libjson-c.so.2()(64bit) This appears to be a recent problem from the Dec 4th release of openvz-7.0.12-283 - the previous openvz-7.0.11-235 has correctly resolving deps. The other issue that I forgot to mention is that the GPG keys used for signing the RPMs on download.openvz.org are incorrectly / misleadingly documented. In the README at: https://download.openvz.org/ it documents & links to https://download.openvz.org/RPM-GPG-Key-OpenVZ saying this is used to sign RPMs on download.openvz.org This doc is repeated at https://wiki.openvz.org/Package_signatures That key has key ID a7a1d4b6 as identified as "OpenVZ Project <security@xxxxxxxxxx>" This documentation is all wrong though, as this key is not used to sign the RPMs for CentOS7 at least The RPMs in https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/ at signed by key with ID 44cdad2a. It took me a long time to find this key, but eventually I discovered a link to it from https://docs.virtuozzo.com/keys/ Section 2, 2. Virtuozzo 7, Virtuozzo Automator 7, and Virtuozzo PowerPanel Signing Key https://docs.virtuozzo.com/keys/VIRTUOZZO_GPG_KEY which identifies itself as "Virtuozzo Team (GPG key signature for packages) <security@xxxxxxxxxxxxx>" Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
