Re: The semiannual "Transaction failed: Signature verification failed." exercise

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Feb 15, 2024 at 07:57:37PM +0000, Zbigniew Jędrzejewski-Szmek wrote:
> It's this time of the year again:
...
> 
> Could we please do something so that this doesn't happen?
> Dunno, generate and distribute the keys earlier so that mock
> and https://fedoraproject.org/fedora.gpg get updated _before_
> we need it?

That won't do it. We need mock to update it's config at exactly the same
moment a successfull rawhide compose completes and mirrors to whatever
mirror you are hitting. ;( 

We make keys a year ahead now. The f42 key is in fedora-release already.

> I know this subject comes up approx. twice a year (or once once for F21 ;) ),
> e.g. [2]. I know this can be "fixed" with some manual steps, but I posit
> that this should never occur in the first place.

I guess one possible solution would be for rpm to support multiple
signatures and koji to support writing out those rpms and then we could
sign new rawhide with both keys at least for a while. 

I guess I had that idea 7 years ago:
https://github.com/rpm-software-management/rpm/issues/189

Or I suppose we could move to just one key for everything, but then it
would have a larger effect if we ever had to revoke/reissue. 

At the very least, perhaps mock could try and identify this problem and
note to upgrade mock-core-configs?

Dunno. I agree it's not good, but it's not easy to solve either. 

kevin

Attachment: signature.asc
Description: PGP signature

--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux