[Beaker-devel] beaker-project.org yum repos are signed again (was Re: beaker-project.org yum repos no longer contain signed RPMs)

Sun, 15 Jul 2018 23:10:17 -0700 

Excerpts from Dan Callaghan's message of 2018-03-15 15:07 +10:00:
> Back in September 2016, we began publishing GPG-signed RPM packages in 
> our server and client yum repos here:
> 
> https://beaker-project.org/yum/
> 
> Due to some rearrangements in how we are handling our builds, starting 
> tonight these repos will no longer contain signed packages. If you have 
> gpgcheck=1 in /etc/yum.repos.d/ you will need to change this back to 
> gpgcheck=0. Sorry for the inconvenience.
> 
> In future we want to get this signing process going again and we will be 
> looking at ways to enable that.

Just to follow up on this... The server and client repos for RHEL are 
*back* to being signed again. I have updated the .repo files to have 
gpgcheck=1 and point at the appropriate GPG keys.

Note that the GPG signing key we are using is different to the one we 
had used in the past. The old one is NOT revoked or compromised but we 
are simply not using it anymore due to changes in the way we are 
producing and signing these builds.

Please also note that the RPM files have been replaced with their signed 
versions although the NVR is unchanged. As a consequence, yum may get 
confused if it uses older cached repodata which specifies a different 
size and checksum for the file (unsigned rather than signed). In this 
case you may see an error from yum like: "Package does not match 
intended download". As a workaround, you can run "yum clean 
expire-cache".

The harness repos remaining unsigned for now, as do the *-testing repos.

The server and client repos for Fedora are also still unsigned for now, 
I am still working on this. At this stage it is more likely we will get 
all packages into Fedora itself and remove these repos instead.

-- 
Dan Callaghan <dcall...@redhat.com>
Senior Software Engineer, Products & Technologies DevOps
Red Hat

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Beaker-devel mailing list -- beaker-devel@lists.fedorahosted.org
To unsubscribe send an email to beaker-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/beaker-devel@lists.fedorahosted.org/message/SYSTYVNLS6V672CBVMZISCQIKSCOFUVZ/

Reply via email to