On Sun, 2008-08-31 at 10:29 +0300, Axel Thimm wrote:
> On Sun, Aug 31, 2008 at 12:06:00AM -0400, Seth Vidal wrote:
> > On Sat, 2008-08-30 at 23:53 -0400, Warren Togami wrote:
> > > Anyhow, updates should begin flowing soon, and shortly thereafter
> > > the old key is removed. Oh, did you actually test rpm -e during
> > > %post? According to skvidal it doesn't work because it locks the
> > > transaction. Jeremy thinks the only assured way we can remove the
> > > old key is with a hardcoded hack in rpm that will be removed in
> > > F10 rpm.
> >
> > I tested rpm -e during %post on two f9 systems, It locked the rpmdb
> > hard.
>
> Have you tried with gpg-pubkey entries? I had asked on rpm-devel back
> in these days when I was using the following snippet:
>
> %post
> if [ "$1" = 1 ]; then
> for key in \
> gpg-pubkey-db42a60e-37ea5438,RPM-GPG-KEY.redhat \
> gpg-pubkey-66534c2b-3e60b428,RPM-GPG-KEY.atrpms \
> gpg-pubkey-e42d547b-3960bdf1,RPM-GPG-KEY.freshrpms \
> gpg-pubkey-b8693f2c-3f48c249,RPM-GPG-KEY.newrpms \
> gpg-pubkey-6b8d79e6-3f49313d,RPM-GPG-KEY.dag \
> gpg-pubkey-bbf04688-4018dbeb,RPM-GPG-KEY.biorpms \
> gpg-pubkey-68d9802a-406db022,RPM-GPG-KEY.ccrma \
> gpg-pubkey-4f2a6fd2-3f9d9d3b,RPM-GPG-KEY.redhat-fedora \
> ; do
> :
> rpm -e --allmatches `echo $key | awk -F, '{print $1}'` > /dev/null 2>&1 || :
> rpm --import /usr/share/atrpms/`echo $key | awk -F, '{print $2}'`
> done
> fi
>
> I'm not using this anymore, since I can't vouch for the trust to all
> third party repos, but the code was running fine back then w/o locking
> up rpmdb. Maybe an rpm regression? Or maybe it works for gpg-pubkeys
> only? Should we loop in Panu?
yes, I tried gpg-pubkey specifically, both with and without the full
extension.
-sv
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
