On Mon, Mar 11, 2019 at 7:30 PM Kevin Fenzi <kevin@xxxxxxxxx> wrote:
On 3/11/19 4:31 AM, Vít Ondruch wrote:
> Hi,
>
> Can somebody please enlighten me, how to update Rawhide after branching
> and not using --nogpgcheck?
Can you expand on the case here?
What should happen is:
* branching
* f30 repos gets the f31 key
* you update your f30-repos
* you jump to rawhide and dnf just imports the key.
How did you get on rawhide?
I'm having a similar problem, but with Silverblue / rawhide.
I installed the system when rawhide was still f30, but now I can't run "rpm-ostree upgrade" anymore, due to this error:
Enabled rpm-md repositories: rawhide
Updating metadata for 'rawhide'... done
error: Failed to download gpg key for repo 'rawhide': Curl error (37): Couldn't read a file:// file for file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-31-x86_64 [Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-31-x86_64]
I installed the system when rawhide was still f30, but now I can't run "rpm-ostree upgrade" anymore, due to this error:
Enabled rpm-md repositories: rawhide
Updating metadata for 'rawhide'... done
error: Failed to download gpg key for repo 'rawhide': Curl error (37): Couldn't read a file:// file for file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-31-x86_64 [Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-31-x86_64]
So I'm *VERY* sure that I didn't mess with the system myself (since it's a Silverblue installation), but still it's broken due to the missing GPG keys.
Fabio
> It seems that Rawhide keys were added in fedora-repos-30-0.4. So this is
> the package which is still "rawhide" package and has "f31" keys. But
> this package was not probably signed, because this directory is empty:
>
> https://kojipkgs.fedoraproject.org/packages/fedora-repos/30/0.4/data/signed/
Yeah, no longer shipped packages have their signed packages removed
after a while to save space. You just want any newer one there.
https://kojipkgs.fedoraproject.org/packages/fedora-repos/30/0.5/data/signed/cfc659b9/
for example.
> Installing anything from Rawhide fails, because of missing GPG keys.
>
> So is there a way to get the GPG keys via DNF? Would it be possible to
> sign fedora-repos and fedora-release packages by older key to allow
> smooth updates?
The f30 repos should already include the f31 key.
https://src.fedoraproject.org/rpms/fedora-repos/c/81ae6bcd584818d890f7939658884c5c9ec2e85c?branch=f30
You can also get it from there:
https://src.fedoraproject.org/rpms/fedora-repos/raw/f30/f/RPM-GPG-KEY-fedora-31-primary
kevin
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx