rabbitmq apks have bad signatures in alpine/latest-stable #555

trappar · 2021-01-14T19:14:04Z

I'm getting the following issue when using http://dl-cdn.alpinelinux.org/alpine/latest-stable/main:

Step 7/19 : RUN apk add --allow-untrusted --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/latest-stable/main rabbitmq-c-dev
 ---> Running in e85209db649a
fetch http://dl-cdn.alpinelinux.org/alpine/latest-stable/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
(1/6) Installing pkgconf (1.7.3-r0)
(2/6) Installing popt (1.18-r0)
(3/6) Installing popt-dev (1.18-r0)
(4/6) Installing openssl-dev (1.1.1i-r0)
(5/6) Installing rabbitmq-c (0.10.0-r1)
ERROR: rabbitmq-c-0.10.0-r1: BAD signature
(6/6) Installing rabbitmq-c-dev (0.10.0-r1)
ERROR: rabbitmq-c-dev-0.10.0-r1: BAD signature

Switching to http://dl-cdn.alpinelinux.org/alpine/v3.13/main seems to fix the problem:

Step 7/19 : RUN apk add --allow-untrusted --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/v3.13/main rabbitmq-c-dev
 ---> Running in a81d79e58d1d
fetch http://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
(1/6) Installing pkgconf (1.7.3-r0)
(2/6) Installing popt (1.18-r0)
(3/6) Installing popt-dev (1.18-r0)
(4/6) Installing openssl-dev (1.1.1i-r0)
(5/6) Installing rabbitmq-c (0.10.0-r1)
(6/6) Installing rabbitmq-c-dev (0.10.0-r1)

This doesn't seem possible as latest-stable should be the same as 3.13. The indexes here (latest) and here (3.13) shows the same files with the same dates and sizes, that is:

But when I actually download both files I get this:

-rw-rw-r-- 1 trappar trappar 37599 Jan 14 11:05 'FROM 3.13 rabbitmq-c-0.10.0-r1.apk'
-rw-rw-r-- 1 trappar trappar 37515 Jan 14 11:06 'FROM latest rabbitmq-c-0.10.0-r1.apk'

As you can see the file from latest has the incorrect size - thus the bad signature.

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

rabbitmq apks have bad signatures in alpine/latest-stable #555

rabbitmq apks have bad signatures in alpine/latest-stable #555

trappar commented Jan 14, 2021 •

edited

Loading

rabbitmq apks have bad signatures in alpine/latest-stable #555

rabbitmq apks have bad signatures in alpine/latest-stable #555

Comments

trappar commented Jan 14, 2021 • edited Loading

trappar commented Jan 14, 2021 •

edited

Loading