On Thu, Feb 11, 2021 at 03:33:14PM +0100, Pavel Raiskup wrote: > On Thursday, February 11, 2021 2:24:28 PM CET Zbigniew Jędrzejewski-Szmek wrote: > > On Thu, Feb 11, 2021 at 10:19:25AM +0100, Pavel Raiskup wrote: > > > On Wednesday, February 10, 2021 2:49:00 PM CET Pavel Raiskup wrote: > > > > On Wednesday, February 10, 2021 12:29:51 AM CET Kevin Fenzi wrote: > > > > > On Tue, Feb 09, 2021 at 06:19:41PM -0500, Mohan Boddu wrote: > > > > > > On Mon, Feb 8, 2021 at 7:18 PM Petr Menšík <pemensik@xxxxxxxxxx> wrote: > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > I were unable to find time in the schedule, at which the new F35 GPG key > > > > > > > would be activated to sign new builds. > > > > > > > > > > > > It will be done a week before mass branching, but we are thinking of > > > > > > doing it a bit earlier to give more time. > > > > > > > > > > I think we should make the f36 key right now and add it to fedora-repos > > > > > and push it out to all branches. Then, when we get to f35 branching, we > > > > > make the f37 key (ie, we stay 6 months ahead). > > > > > > > > > > This way everyone has the new key already and there's no scrambling. > > > > > > > > > > (or this week, doesn't have to be today, just soon) > > > > > > > > Yes please! Something along those lines was proposed before, because it > > > > significantly eases mock maintenance during the branching period. E.g. > > > > now, at the time of F34 branching we already have released > > > > mock-core-configs (check updates-testing) with new F35 configuration and > > > > everything should be working. > > > > > > > > Sure, temporarily, the fedora-34-x86_64 chroot builds against 34 repos > > > > (still equivalent to rawhide), fedora-35-x86_64 config is symlink to > > > > rawhide, and builds against rawhide (still f34). So the only thing users > > > > will observe that 'fedora-rawhide-*' and 'fedora-35-*' are temporarily > > > > producing RPMs with fc34 %dist tag and this will automatically change once > > > > the mirrors are updated. > > > > > > > > It works now because the gpg keys have been generated a bit in advance for > > > > a few last fedora releases (in copr team we try to notify administrators > > > > to do that), but having it 6 months in advance will be better (less rush). > > > > I think we should dump this to the branching policy/howto documents so we > > > > don't have to manually track that. Finally, if we could document there > > > > that updated distribution-gpg-keys and mock-core-configs packages should > > > > be released, it would be an awesome help ... > > > > > > And we forgot to bump one configuration option in mock-core-configs, which > > > eventually broke the fluent branching process in mock. The related mock failure > > > looks like this: > > > > > > >> [SKIPPED] zlib-1.2.11-24.fc34.x86_64.rpm: Already downloaded > > > >> warning: /var/lib/mock/fedora-rawhide-x86_64-bootstrap-1613034650.541875/root/var/cache/dnf/fedora-2d95c80a1fa0a67d/packages/fedora-gpg-keys-35-0.1.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 9867c58f: NOKEY > > > >> fedora 1.6 MB/s | 1.6 kB 00:00 > > > >> GPG key at file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-34-primary (0x45719A39) is already installed > > > >> fedora 1.6 MB/s | 1.6 kB 00:00 > > > >> GPG key at file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-34-primary (0x45719A39) is already installed > > > > > > > > > I've just wrapped a new mock-core-configs release which has the fix, and updated > > > the builds in bodhi updates. > > > > Hmm, I still see a failure: > > warning: /var/lib/mock/fedora-rawhide-x86_64-bootstrap/root/var/cache/dnf/fedora-2d95c80a1fa0a67d/packages/fedora-gpg-keys-35-0.1.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 9867c58f: NOKEY > > fedora 1.6 MB/s | 1.6 kB 00:00 > > GPG key at file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-34-primary (0x45719A39) is already installed > > fedora 1.6 MB/s | 1.6 kB 00:00 > > GPG key at file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-34-primary (0x45719A39) is already installed > > fedora 1.6 MB/s | 1.6 kB 00:00 > > GPG key at file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-33-primary (0x9570FF31) is already installed > > The GPG keys listed for the "fedora" repository are already installed but they are not correct for this package. > > Check that the correct key URLs are configured for this repository.. Failing package is: fedora-gpg-keys-35-0.1.noarch > > > > $ rpm -q mock-core-configs > > mock-core-configs-34-1.fc33.noarch > > Yeah, that's still the problem I meant - please install 34.1-1, not 34-1. I missed the .1 ;( -- New failure, I think, because it's only in ELN, and not in rawhide: packit builds in copr fail with [e.g. 1] warning: /var/lib/mock/fedora-eln-x86_64-bootstrap-1613129579.624253/root/var/cache/dnf/eln-78c0f68aeb10b59c/packages/alternatives-1.15-2.eln109.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 45719a39: NOKEY Fedora - ELN - Developmental packages for the n 1.6 MB/s | 1.6 kB 00:00 Importing GPG key 0x9867C58F: Userid : "Fedora (35) <fedora-35-primary@xxxxxxxxxxxxxxxxx>" Fingerprint: 787E A6AE 1147 EEE5 6C40 B30C DB46 3971 9867 C58F From : /usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-rawhide-primary Key imported successfully Import of key(s) didn't help, wrong key(s)? Public key for alternatives-1.15-2.eln109.x86_64.rpm is not installed. Failing package is: alternatives-1.15-2.eln109.x86_64 GPG Keys are configured as: file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-rawhide-primary ... [1] https://prod.packit.dev/copr-build/81537 Zbyszek _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure