Re: nonfree devel packages not signed?
Hi, On 19-08-19 22:20, Nicolas Chauvet wrote: Le lun. 19 août 2019 à 22:10, Hans de Goede a écrit : Hi, On 19-08-19 21:30, Nicolas Chauvet wrote: Le lun. 19 août 2019 à 21:15, Hans de Goede a écrit : Hi All, When I try to do an update on a rawhide/F31 install I get: Package d2x-1.43-22.rebirth_v0.60.20181218gitaf25483.fc31.x86_64.rpm is not signed Package doom-shareware-1.9-17.s.fc31.noarch.rpm is not signed Package faac-1.29.9.2-7.fc31.x86_64.rpm is not signed Package fdk-aac-2.0.0-3.fc31.x86_64.rpm is not signed Package gstreamer1-plugins-bad-nonfree-1.16.0-2.fc31.x86_64.rpm is not signed Package lha-1.14i-35.20161015git6f6cbc1.fc31.x86_64.rpm is not signed Package libunrar-5.7.4-2.fc31.x86_64.rpm is not signed Package mac-libs-4.11-8.u4b5.fc31.x86_64.rpm is not signed Package pyskool-1.2.1-5.fc31.noarch.rpm is not signed Package roadfighter-1.0.1269-16.fc31.x86_64.rpm is not signed Package spear-demo-1-11.fc31.noarch.rpm is not signed Package steam-1.0.0.61-3.fc31.i686.rpm is not signed Package unrar-5.7.4-2.fc31.x86_64.rpm is not signed Package vice-3.2-5.fc31.x86_64.rpm is not signed Package vice-common-3.2-5.fc31.x86_64.rpm is not signed Package vice-data-3.2-5.fc31.noarch.rpm is not signed Package vice-x128-3.2-5.fc31.x86_64.rpm is not signed Package vice-x64-3.2-5.fc31.x86_64.rpm is not signed Package vice-xcbm-ii-3.2-5.fc31.x86_64.rpm is not signed Package vice-xplus4-3.2-5.fc31.x86_64.rpm is not signed Package vice-xvic-3.2-5.fc31.x86_64.rpm is not signed Package wolf3d-shareware-1.4-10.fc31.noarch.rpm is not signed And a few more. The devel packages for free do seem to be signed ? It's weird as packages shouldn't end unsigned in our repos (or the repo itslef will fails to generate) It could be that the yum.conf is pointing to the wrong key ? I had that issue with the rawhide Fedora repo, now that that is being signed with the f32 key, the errors are different then if dnf misses the pub key it states so and it prints the pub key the repo config points to. AFAICT this error really means the packages are not signed. So after poking around a bit and after updating rpmfusion-[non]free-release* to get the new key, things work fine now, even if I switch back to the -rawhide repos I was using before weird. One more remark, /etc/yum.repos.d/rpmfusion-[non]free-rawhide.repo ship with gpgcheck=0 by default, but as my testing has just verified the packages there are signed, so maybe we should change that to gpgcheck=1 instead, as we do for the other repos? We could turn gpgcheck=1 for rawhide indeed (Now I would try to avoid to think about why it failed with gpg having gpgcheck=0). It failed for me with the "not signed" errors because I replaced the gpgcheck=0 with gpgcheck=1 manually, sorry that I forgot to mention that (I edited the mail several times as I was experimenting and got thing to work and I ended up deleting the part where I said I had changed it to 1). Regards, Hans ___ rpmfusion-developers mailing list -- rpmfusion-developers@lists.rpmfusion.org To unsubscribe send an email to rpmfusion-developers-le...@lists.rpmfusion.org
Re: nonfree devel packages not signed?
On Mon, Aug 19, 2019 at 4:40 PM Nicolas Chauvet wrote: > Le lun. 19 août 2019 à 22:25, FeRD a écrit : > > ...Why would it only be off for the binary RPM repos? > > Probably because nobody cared to report when it was not signed ... > Fair enough, heck I never even NOTICED until Hans brought it up. ___ rpmfusion-developers mailing list -- rpmfusion-developers@lists.rpmfusion.org To unsubscribe send an email to rpmfusion-developers-le...@lists.rpmfusion.org
Re: nonfree devel packages not signed?
Le lun. 19 août 2019 à 22:25, FeRD a écrit : > > > > On Mon, Aug 19, 2019 at 4:10 PM Hans de Goede wrote: >> >> >> One more remark, /etc/yum.repos.d/rpmfusion-[non]free-rawhide.repo >> ship with gpgcheck=0 by default, but as my testing has just verified >> the packages there are signed, so maybe we should change that to >> gpgcheck=1 instead, as we do for the other repos? > > > Here's the weirder thing, from the currently-shipping files for F30 (I > downloaded the release RPMs and extracted, to ensure the config wasn't > locally modified): > > $ egrep '^(\[|gpgcheck)' rpmfusion-*.repo > rpmfusion-free-rawhide.repo:[rpmfusion-free-rawhide] > rpmfusion-free-rawhide.repo:gpgcheck=0 > rpmfusion-free-rawhide.repo:[rpmfusion-free-rawhide-debuginfo] > rpmfusion-free-rawhide.repo:gpgcheck=1 > rpmfusion-free-rawhide.repo:[rpmfusion-free-rawhide-source] > rpmfusion-free-rawhide.repo:gpgcheck=1 > rpmfusion-nonfree-rawhide.repo:[rpmfusion-nonfree-rawhide] > rpmfusion-nonfree-rawhide.repo:gpgcheck=0 > rpmfusion-nonfree-rawhide.repo:[rpmfusion-nonfree-rawhide-debuginfo] > rpmfusion-nonfree-rawhide.repo:gpgcheck=1 > rpmfusion-nonfree-rawhide.repo:[rpmfusion-nonfree-rawhide-source] > rpmfusion-nonfree-rawhide.repo:gpgcheck=1 > > ...Why would it only be off for the binary RPM repos? Probably because nobody cared to report when it was not signed ... -- - Nicolas (kwizart) ___ rpmfusion-developers mailing list -- rpmfusion-developers@lists.rpmfusion.org To unsubscribe send an email to rpmfusion-developers-le...@lists.rpmfusion.org
Re: nonfree devel packages not signed?
On Mon, Aug 19, 2019 at 4:10 PM Hans de Goede wrote: > > One more remark, /etc/yum.repos.d/rpmfusion-[non]free-rawhide.repo > ship with gpgcheck=0 by default, but as my testing has just verified > the packages there are signed, so maybe we should change that to > gpgcheck=1 instead, as we do for the other repos? > Here's the weirder thing, from the currently-shipping files for F30 (I downloaded the release RPMs and extracted, to ensure the config wasn't locally modified): $ egrep '^(\[|gpgcheck)' rpmfusion-*.repo rpmfusion-free-rawhide.repo:[rpmfusion-free-rawhide] rpmfusion-free-rawhide.repo:gpgcheck=0 rpmfusion-free-rawhide.repo:[rpmfusion-free-rawhide-debuginfo] rpmfusion-free-rawhide.repo:gpgcheck=1 rpmfusion-free-rawhide.repo:[rpmfusion-free-rawhide-source] rpmfusion-free-rawhide.repo:gpgcheck=1 rpmfusion-nonfree-rawhide.repo:[rpmfusion-nonfree-rawhide] rpmfusion-nonfree-rawhide.repo:gpgcheck=0 rpmfusion-nonfree-rawhide.repo:[rpmfusion-nonfree-rawhide-debuginfo] rpmfusion-nonfree-rawhide.repo:gpgcheck=1 rpmfusion-nonfree-rawhide.repo:[rpmfusion-nonfree-rawhide-source] rpmfusion-nonfree-rawhide.repo:gpgcheck=1 ...Why would it *only* be off for the binary RPM repos? ___ rpmfusion-developers mailing list -- rpmfusion-developers@lists.rpmfusion.org To unsubscribe send an email to rpmfusion-developers-le...@lists.rpmfusion.org
Re: nonfree devel packages not signed?
Le lun. 19 août 2019 à 22:10, Hans de Goede a écrit : > > Hi, > > On 19-08-19 21:30, Nicolas Chauvet wrote: > > Le lun. 19 août 2019 à 21:15, Hans de Goede a > > écrit : > >> > >> Hi All, > >> > >> When I try to do an update on a rawhide/F31 install I get: > >> > >> Package d2x-1.43-22.rebirth_v0.60.20181218gitaf25483.fc31.x86_64.rpm is > >> not signed > >> Package doom-shareware-1.9-17.s.fc31.noarch.rpm is not signed > >> Package faac-1.29.9.2-7.fc31.x86_64.rpm is not signed > >> Package fdk-aac-2.0.0-3.fc31.x86_64.rpm is not signed > >> Package gstreamer1-plugins-bad-nonfree-1.16.0-2.fc31.x86_64.rpm is not > >> signed > >> Package lha-1.14i-35.20161015git6f6cbc1.fc31.x86_64.rpm is not signed > >> Package libunrar-5.7.4-2.fc31.x86_64.rpm is not signed > >> Package mac-libs-4.11-8.u4b5.fc31.x86_64.rpm is not signed > >> Package pyskool-1.2.1-5.fc31.noarch.rpm is not signed > >> Package roadfighter-1.0.1269-16.fc31.x86_64.rpm is not signed > >> Package spear-demo-1-11.fc31.noarch.rpm is not signed > >> Package steam-1.0.0.61-3.fc31.i686.rpm is not signed > >> Package unrar-5.7.4-2.fc31.x86_64.rpm is not signed > >> Package vice-3.2-5.fc31.x86_64.rpm is not signed > >> Package vice-common-3.2-5.fc31.x86_64.rpm is not signed > >> Package vice-data-3.2-5.fc31.noarch.rpm is not signed > >> Package vice-x128-3.2-5.fc31.x86_64.rpm is not signed > >> Package vice-x64-3.2-5.fc31.x86_64.rpm is not signed > >> Package vice-xcbm-ii-3.2-5.fc31.x86_64.rpm is not signed > >> Package vice-xplus4-3.2-5.fc31.x86_64.rpm is not signed > >> Package vice-xvic-3.2-5.fc31.x86_64.rpm is not signed > >> Package wolf3d-shareware-1.4-10.fc31.noarch.rpm is not signed > >> > >> And a few more. > >> > >> The devel packages for free do seem to be signed ? > > > > It's weird as packages shouldn't end unsigned in our repos (or the > > repo itslef will fails to generate) > > It could be that the yum.conf is pointing to the wrong key ? > > I had that issue with the rawhide Fedora repo, now that that > is being signed with the f32 key, the errors are different then > if dnf misses the pub key it states so and it prints the pub key > the repo config points to. AFAICT this error really means the packages > are not signed. > > So after poking around a bit and after updating > rpmfusion-[non]free-release* to get the new key, things work fine now, > even if I switch back to the -rawhide repos I was using before > weird. > > One more remark, /etc/yum.repos.d/rpmfusion-[non]free-rawhide.repo > ship with gpgcheck=0 by default, but as my testing has just verified > the packages there are signed, so maybe we should change that to > gpgcheck=1 instead, as we do for the other repos? We could turn gpgcheck=1 for rawhide indeed (Now I would try to avoid to think about why it failed with gpg having gpgcheck=0). Thx -- - Nicolas (kwizart) ___ rpmfusion-developers mailing list -- rpmfusion-developers@lists.rpmfusion.org To unsubscribe send an email to rpmfusion-developers-le...@lists.rpmfusion.org
Re: nonfree devel packages not signed?
Le lun. 19 août 2019 à 21:15, Hans de Goede a écrit : > > Hi All, > > When I try to do an update on a rawhide/F31 install I get: > > Package d2x-1.43-22.rebirth_v0.60.20181218gitaf25483.fc31.x86_64.rpm is not > signed > Package doom-shareware-1.9-17.s.fc31.noarch.rpm is not signed > Package faac-1.29.9.2-7.fc31.x86_64.rpm is not signed > Package fdk-aac-2.0.0-3.fc31.x86_64.rpm is not signed > Package gstreamer1-plugins-bad-nonfree-1.16.0-2.fc31.x86_64.rpm is not signed > Package lha-1.14i-35.20161015git6f6cbc1.fc31.x86_64.rpm is not signed > Package libunrar-5.7.4-2.fc31.x86_64.rpm is not signed > Package mac-libs-4.11-8.u4b5.fc31.x86_64.rpm is not signed > Package pyskool-1.2.1-5.fc31.noarch.rpm is not signed > Package roadfighter-1.0.1269-16.fc31.x86_64.rpm is not signed > Package spear-demo-1-11.fc31.noarch.rpm is not signed > Package steam-1.0.0.61-3.fc31.i686.rpm is not signed > Package unrar-5.7.4-2.fc31.x86_64.rpm is not signed > Package vice-3.2-5.fc31.x86_64.rpm is not signed > Package vice-common-3.2-5.fc31.x86_64.rpm is not signed > Package vice-data-3.2-5.fc31.noarch.rpm is not signed > Package vice-x128-3.2-5.fc31.x86_64.rpm is not signed > Package vice-x64-3.2-5.fc31.x86_64.rpm is not signed > Package vice-xcbm-ii-3.2-5.fc31.x86_64.rpm is not signed > Package vice-xplus4-3.2-5.fc31.x86_64.rpm is not signed > Package vice-xvic-3.2-5.fc31.x86_64.rpm is not signed > Package wolf3d-shareware-1.4-10.fc31.noarch.rpm is not signed > > And a few more. > > The devel packages for free do seem to be signed ? It's weird as packages shouldn't end unsigned in our repos (or the repo itslef will fails to generate) It could be that the yum.conf is pointing to the wrong key ? packages downloaded via rawhide should be signed with the f32 key whereas branch should use the f31 key. Can you dnf donwload one package and verify if there is a signature after you have imported the f31 and f32 keys ? Please also verify to have updated the f32 key with the very latest rpmfusion-free-release-31 as it was the same as f31 (my misstake). Thx - Nicolas (kwizart) ___ rpmfusion-developers mailing list -- rpmfusion-developers@lists.rpmfusion.org To unsubscribe send an email to rpmfusion-developers-le...@lists.rpmfusion.org