[libvirt] [jenkins-ci PATCH] guests: Special-case fedora-gpg-keys updates on Rawhide
Daniel P. Berrangé
berrange at redhat.com
Tue Sep 4 15:16:14 UTC 2018
On Tue, Sep 04, 2018 at 03:59:23PM +0200, Andrea Bolognani wrote:
> During each Rawhide development cycle there is a point
> at which packages start being signed with new keys, which
> causes updates to fail.
>
> To work around the problem, make sure fedora-gpg-keys is
> updated before attempting to update all other packages;
> updating fedora-gpg-keys itself requires gpg signature
> checking to be disabled.
>
> Signed-off-by: Andrea Bolognani <abologna at redhat.com>
> ---
> I am actually not 100% sure we need to disable gpg
> signature checking in order to update fedora-gpg-keys:
> it would make sense for that one package to be signed
> with the old key to make the update possible without
> breaking trust at any point in time. Unfortunately I
> updated my Rawhide guest without taking a snapshot
> first, and I can't figure out a way to get it back to
> a state suitable for checking whether the above makes
> sense :( Perhaps someone with deeper understanding of
> the Fedora release process will confirm or deny.
> guests/lcitool | 24 +++++++++++++++++-------
> guests/playbooks/update/tasks/base.yml | 9 +++++++++
> 2 files changed, 26 insertions(+), 7 deletions(-)
After chatting with one of the Fedora team about this, we
came to conclusion there's no nicer option right now, so
Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list