I am syncing the AlmaLinux 9 repository to The Foreman server.
As of today, the sync of the AlmaLinux 9 BaseOS repo breaks and aborts.
It seems that the GPG signature of a specific file (in the BaseOS repo) is incorrect.
The error is:
A file located at the url https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/images/pxeboot/initrd.img failed validation due to checksum. Expected '730cb204bfd8668e7e3bd2e88ed1d443084d467db6d1228b63f8f27117e52e3a', Actual '1c1985fcc76ac600a37ec117964e1c3ddb9dc60aee9130e3d78ba09c89c22b18'
As a result, Foreman’s repo sync process will break off and abort, and the system can’t sync anything from that repo anymore.
I was able to reproduce the problem with another, independent Foreman server, with the same result.
It’s quite likely that the issue is within the repo itself, and not Foreman.
In theory, this could happen due to a supply-chain attack. But more likely, it may be a mistake in the deployment process.
Is this issue fixable by this community, or does it have to be fixed upstream?
I have found this old thread from 2022, regarding a similar issue: