Re: The semiannual "Transaction failed: Signature verification failed." exercise

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, Feb 18, 2024 at 12:32:45PM +0000, Zbigniew Jędrzejewski-Szmek wrote:
> 
> Oh, OK. So it was a misunderstanding on my side. I thought that since e.g. F41
> has a bunch of packages taken from F40 and F39 and earlier, they will be signed
> by those respective keys. But we resign them, so they are not. (To make this
> more confusing, on upgraded systems if the package version didn't change,
> and it doesn't if the package isn't rebuilt, we have the old package signed
> by the old key, while an "identical" package on a newer install will be signed
> by a newer key. But that's all OK, once you know about the resigning.)

Yeah... 

> I meant that F_40_ installations don't allow the F41 key. (F41/rawhide installations
> allow both, that is fine.)  But now I understand that F40 will get packages
> signed by the F40 key, and F41/rawhide will get resigned packages. So all is OK.
> 
> > > 3. If F42 key has already been generated, why isn't it distributed in
> > >    distribution-gpg-keys already, to make it well known and make the
> > >    transition easier in the future?
> > 
> > It should have been. I am not sure where the process failed. 
> > 
> > I did generate the fedora-42 key.
> 
> Right. The key is there, and even distribution-gpg-keys package has in on F39.
> 
> So I think the whole issue can be solved by letting tools use
> two keys for rawhide. The patch for mkosi was merged [1].
> Should we do something similar for mock?
> 
> [1] https://github.com/systemd/mkosi/commit/f221562c945a48db9384f8521f67b9b02cd71ac1

I think that would help a good bit if we can. 

I do see logic there to use rawhide and rawhide-1, but I think it needs
rawhide+1 also (at least around branching time)?

Can someone file a mock bug/pr?

kevin

Attachment: signature.asc
Description: PGP signature

--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux