New Key Repo Locations

Axel Thimm Axel.Thimm at
Sun Aug 31 07:29:19 UTC 2008

On Sun, Aug 31, 2008 at 12:06:00AM -0400, Seth Vidal wrote:
> On Sat, 2008-08-30 at 23:53 -0400, Warren Togami wrote:
> > Anyhow, updates should begin flowing soon, and shortly thereafter
> > the old key is removed.  Oh, did you actually test rpm -e during
> > %post?  According to skvidal it doesn't work because it locks the
> > transaction.  Jeremy thinks the only assured way we can remove the
> > old key is with a hardcoded hack in rpm that will be removed in
> > F10 rpm.
> I tested rpm -e during %post on two f9 systems, It locked the rpmdb
> hard.

Have you tried with gpg-pubkey entries? I had asked on rpm-devel back
in these days when I was using the following snippet:

if [ "$1" = 1 ]; then
  for key in \
    gpg-pubkey-db42a60e-37ea5438,RPM-GPG-KEY.redhat \
    gpg-pubkey-66534c2b-3e60b428,RPM-GPG-KEY.atrpms \
    gpg-pubkey-e42d547b-3960bdf1,RPM-GPG-KEY.freshrpms \
    gpg-pubkey-b8693f2c-3f48c249,RPM-GPG-KEY.newrpms \
    gpg-pubkey-6b8d79e6-3f49313d,RPM-GPG-KEY.dag \
    gpg-pubkey-bbf04688-4018dbeb,RPM-GPG-KEY.biorpms \
    gpg-pubkey-68d9802a-406db022,RPM-GPG-KEY.ccrma \
    gpg-pubkey-4f2a6fd2-3f9d9d3b,RPM-GPG-KEY.redhat-fedora \
  ; do
    rpm -e --allmatches `echo $key | awk -F, '{print $1}'` > /dev/null 2>&1 || :
    rpm --import /usr/share/atrpms/`echo $key | awk -F, '{print $2}'`

I'm not using this anymore, since I can't vouch for the trust to all
third party repos, but the code was running fine back then w/o locking
up rpmdb. Maybe an rpm regression? Or maybe it works for gpg-pubkeys
only? Should we loop in Panu?
Axel.Thimm at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <>

More information about the Fedora-infrastructure-list mailing list