On Tue, Sep 04, 2018 at 03:59:23PM +0200, Andrea Bolognani wrote: > During each Rawhide development cycle there is a point > at which packages start being signed with new keys, which > causes updates to fail. > > To work around the problem, make sure fedora-gpg-keys is > updated before attempting to update all other packages; > updating fedora-gpg-keys itself requires gpg signature > checking to be disabled. > > Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx> > --- > I am actually not 100% sure we need to disable gpg > signature checking in order to update fedora-gpg-keys: > it would make sense for that one package to be signed > with the old key to make the update possible without > breaking trust at any point in time. Unfortunately I > updated my Rawhide guest without taking a snapshot > first, and I can't figure out a way to get it back to > a state suitable for checking whether the above makes > sense :( Perhaps someone with deeper understanding of > the Fedora release process will confirm or deny. > guests/lcitool | 24 +++++++++++++++++------- > guests/playbooks/update/tasks/base.yml | 9 +++++++++ > 2 files changed, 26 insertions(+), 7 deletions(-) After chatting with one of the Fedora team about this, we came to conclusion there's no nicer option right now, so Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
