New Key Repo Locations
Axel Thimm
Axel.Thimm at ATrpms.net
Sun Aug 31 07:29:19 UTC 2008
On Sun, Aug 31, 2008 at 12:06:00AM -0400, Seth Vidal wrote:
> On Sat, 2008-08-30 at 23:53 -0400, Warren Togami wrote:
> > Anyhow, updates should begin flowing soon, and shortly thereafter
> > the old key is removed. Oh, did you actually test rpm -e during
> > %post? According to skvidal it doesn't work because it locks the
> > transaction. Jeremy thinks the only assured way we can remove the
> > old key is with a hardcoded hack in rpm that will be removed in
> > F10 rpm.
>
> I tested rpm -e during %post on two f9 systems, It locked the rpmdb
> hard.
Have you tried with gpg-pubkey entries? I had asked on rpm-devel back
in these days when I was using the following snippet:
%post
if [ "$1" = 1 ]; then
for key in \
gpg-pubkey-db42a60e-37ea5438,RPM-GPG-KEY.redhat \
gpg-pubkey-66534c2b-3e60b428,RPM-GPG-KEY.atrpms \
gpg-pubkey-e42d547b-3960bdf1,RPM-GPG-KEY.freshrpms \
gpg-pubkey-b8693f2c-3f48c249,RPM-GPG-KEY.newrpms \
gpg-pubkey-6b8d79e6-3f49313d,RPM-GPG-KEY.dag \
gpg-pubkey-bbf04688-4018dbeb,RPM-GPG-KEY.biorpms \
gpg-pubkey-68d9802a-406db022,RPM-GPG-KEY.ccrma \
gpg-pubkey-4f2a6fd2-3f9d9d3b,RPM-GPG-KEY.redhat-fedora \
; do
:
rpm -e --allmatches `echo $key | awk -F, '{print $1}'` > /dev/null 2>&1 || :
rpm --import /usr/share/atrpms/`echo $key | awk -F, '{print $2}'`
done
fi
I'm not using this anymore, since I can't vouch for the trust to all
third party repos, but the code was running fine back then w/o locking
up rpmdb. Maybe an rpm regression? Or maybe it works for gpg-pubkeys
only? Should we loop in Panu?
--
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20080831/d74b8c7a/attachment.sig>
More information about the Fedora-infrastructure-list
mailing list