#101 sync changes from Rawhide
Merged a month ago by humaton. Opened 2 months ago by kparal.
rpms/ kparal/fedora-repos f34-sync  into  f34

@@ -0,0 +1,29 @@ 

+ -----BEGIN PGP PUBLIC KEY BLOCK-----

+ 

+ mQINBGAkKwgBEAC+IQKqp/BI1VIvRRqcnRoAxkzsY3pxIS1L+C4gaWjIMf1eBBTq

+ v9eKd4xHsW80VL/tl81WZWO/7JXKmgHODiXrv4HmDIOo6Z1hxehjVRF3Ih4+sKHR

+ XCJgwcdJnMfqTKnHiycQggeDuheWbfjV2Fgmvxy0jh0M5PCB5taNz41LmPOaUQmn

+ PXcI05CjP5msKjRBObw5Cd2oad60pTNhnBWRf288S8W4wH4jNISOZLZTOf6HU5gJ

+ w9wU9RZoaz8kZPNArlJjZsN83S0XLCxpa6UUgYdzPDHOWGtcWGs3bvNAlTYuacun

+ oICOvTH/ZJU7mgaZbbdSPVLDJdLBKRVgHbdTAK0J913FEiU93GJR5bf/W5FMN7DV

+ 6hsJVMiY/knJmkTFE9whDSjEc0TAYhQuC1HnzvMPGJvkeEz9nRqna5QUuo7V6LI4

+ fZNTSlqFyIi/Oa3ZoliOyOshxJmU3y1HaNcHerO1nFbTtZ7s/TKBhY9oFq4T4gJV

+ yFWy33p/JDxOtlVjpHEkzwXGdPe6R4xK8xHObEVraOMZMaweII+tMOGwVbxZu2kC

+ A1aflM+oeyU1Fx9qqM0+dYyHO+kp3M5UtfM006RcNcdfoGrA4l6z9sUnHKsYzOLP

+ RvKkzxiX3T91vHtRGCXjPOgOsJJzjkFtE1a5oFZg39fC99HZdbX0rUqAtQARAQAB

+ tDFGZWRvcmEgKDM2KSA8ZmVkb3JhLTM2LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v

+ cmc+iQJOBBMBCAA4FiEEU97Sy5Iti42eY/0YmZ98vzircfQFAmAkKwgCGw8FCwkI

+ BwIGFQoJCAsCBBYCAwECHgECF4AACgkQmZ98vzircfSGaxAAlDBWuY1Ch3YsssGE

+ uaeOuaHmDj08p08WUAFUPBN0ID+0pmRQjywFzrufw8Z2g/lHwic+tpXXr/RtMmcl

+ +WzLh1E34TRqEngjDJ27QBq1Jyid3h1manKLhZhJ8b1usKHP7Dqh7n+eMTv2Qgrt

+ 6MrCNe4otWZ9WJ5vp/Bay5yAtU6lNoWBmJ+6BS1/2mg2jhoXrfg/Vey+/i6nYZIk

+ M4IcYCyGCi9rjc8NMgkCyzPkPJtsy2taB+VdUcZyjFpc1acmC8sR/2/SEl4+pOtM

+ UzW+OUOQFrerX/8MC5LqvmtsiPMyRDCOw3reJTXyoUIehoHoK9QtAdIRRP2nAkPy

+ GKycVzsLbtheJXUZharXL1DwOkpMNlm3hp9BxX89m7dLblMSjtrQPs8CkpAExAQW

+ FBltsD73ZhGnfE/XdWp7343m1w5W2m85/rczP+2et+c+HPmYTgaJTu8fAF0FoTDd

+ uD1r9DxRa2oN3YBiPP/nXnhJaH//GgF/RRw7Fbc66fCh8DTrMsPgmyi/O3/pdSGe

+ k0UqEfSdzNPbl7gVFlCbr4Ur5n1ph+sEZqOhMuyszLZZvYvUrHsDuanML5X25coP

+ h+rqyjHJJeYlS2tMAQB1fmHB0LWhRhKYaOROAXFmUutFUxVVoigNCl8mV561DCz6

+ 6/zy81ZGeyUGOEIZ1NFuoY0EhC8=

+ =KaIq

+ -----END PGP PUBLIC KEY BLOCK-----
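Review bot: No fingerprint or origin is recorded for the key block added here, although it becomes a trust anchor for package signatures once it is installed under /etc/pki/rpm-gpg. The user ID packet appears to name the Fedora 36 primary key, but the armored text is the only evidence on the page. Whoever merges would have to check it against the fingerprint Fedora publishes through a separate channel. I would put the output of `gpg --show-keys --with-fingerprint RPM-GPG-KEY-fedora-36-primary` in the commit message so later syncs to other branches can be checked against the same value.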

file modified
+5 -2
@@ -1,8 +1,10 @@ 

  fedora-7-primary: i386 x86_64 ppc ppc64

  

  fedora-8-primary: i386 x86_64 ppc ppc64

+ fedora-8-primary-original:

  

  fedora-9-primary: i386 x86_64 ppc ppc64

+ fedora-9-primary-original:

  fedora-9-secondary: ia64

  

  fedora-10-primary: i386 x86_64 ppc ppc64
@@ -19,7 +21,7 @@ 

  fedora-14-primary: i386 x86_64

  fedora-14-secondary: arm

  

- fedora-15-primary: i386 x86_64 

+ fedora-15-primary: i386 x86_64

  fedora-15-secondary: arm armhfp ppc ppc64 s390 s390x

  

  fedora-16-primary: i386 x86_64
@@ -60,6 +62,7 @@ 

  fedora-28-primary: i386 x86_64 armhfp aarch64 ppc64 ppc64le s390x

  

  fedora-29-primary: i386 x86_64 armhfp aarch64 ppc64 ppc64le s390x

+ fedora-modularity:

  

  fedora-30-primary: i386 x86_64 armhfp aarch64 ppc64le s390x

  
@@ -75,4 +78,4 @@ 

  

  fedora-35-primary: x86_64 armhfp aarch64 ppc64le s390x

  

- fedora-eln-primary: i386 x86_64 aarch64 ppc64le s390x

+ fedora-36-primary: x86_64 armhfp aarch64 ppc64le s390x

file modified
+3 -4
@@ -11,7 +11,7 @@ 

  # testing and troubleshooting for development packages in conjunction

  # with new test releases.

  #

- # More information is available at http://fedoraproject.org/wiki/Testing 

+ # More information is available at http://fedoraproject.org/wiki/Testing

  #

  # Reproducible and reportable issues should be filed at

  # http://bugzilla.redhat.com/.
@@ -22,7 +22,7 @@ 

  name=Fedora - ELN BaseOS - Developmental packages for the next Enterprise Linux release

  baseurl=https://odcs.fedoraproject.org/composes/production/latest-Fedora-ELN/compose/BaseOS/$basearch/os/

  #metalink=https://mirrors.fedoraproject.org/metalink?repo=eln&arch=$basearch

- enabled=1

+ enabled=0

  countme=1

  metadata_expire=6h

  repo_gpgcheck=0
@@ -59,7 +59,7 @@ 

  name=Fedora - ELN AppStream - Developmental packages for the next Enterprise Linux release

  baseurl=https://odcs.fedoraproject.org/composes/production/latest-Fedora-ELN/compose/AppStream/$basearch/os/

  #metalink=https://mirrors.fedoraproject.org/metalink?repo=eln&arch=$basearch

- enabled=1

+ enabled=0

  countme=1

  metadata_expire=6h

  repo_gpgcheck=0
@@ -89,4 +89,3 @@ 

  gpgcheck=1

  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch

  skip_if_unavailable=False

- 

file modified
+51 -5
@@ -3,7 +3,7 @@ 

  Summary:        Fedora package repositories

  Name:           fedora-repos

  Version:        34

- Release:        0.13%{?eln:.eln%{eln}}

+ Release:        0.14%{?eln:.eln%{eln}}

  License:        MIT

  URL:            https://fedoraproject.org/

  
@@ -72,6 +72,10 @@ 

  Source53:       RPM-GPG-KEY-fedora-33-primary

  Source54:       RPM-GPG-KEY-fedora-34-primary

  Source55:       RPM-GPG-KEY-fedora-35-primary

+ Source56:       RPM-GPG-KEY-fedora-36-primary

+ # When bumping Rawhide to fN, create N+1 key (and update archmap). (This

+ # ensures users have the next future key installed and referenced, even if they

+ # don't update very often. This will smooth out Rawhide N->N+1 transition for them).

  

  Source100:      fedora-modular.repo

  Source101:      fedora-updates-modular.repo
@@ -162,12 +166,18 @@ 

  #     says "fedora-19-primary: i386 x86_64",

  #     RPM-GPG-KEY-fedora-19-{i386,x86_64} will be symlinked to that key.

  pushd $RPM_BUILD_ROOT/etc/pki/rpm-gpg/

- # Also add a symlink for ELN keys

+ # Also add a symlink for Rawhide and ELN keys

+ ln -s RPM-GPG-KEY-fedora-%{rawhide_release}-primary RPM-GPG-KEY-fedora-rawhide-primary

  ln -s RPM-GPG-KEY-fedora-%{rawhide_release}-primary RPM-GPG-KEY-fedora-eln-primary

  for keyfile in RPM-GPG-KEY*; do

-     key=${keyfile#RPM-GPG-KEY-} # e.g. 'fedora-20-primary'

-     arches=$(sed -ne "s/^${key}://p" %{_sourcedir}/archmap) \

-         || echo "WARNING: no archmap entry for $key"

+     # resolve symlinks, so that we don't need to keep duplicate entries in archmap

+     real_keyfile=$(basename $(readlink -f $keyfile))

+     key=${real_keyfile#RPM-GPG-KEY-} # e.g. 'fedora-20-primary'

+     if ! grep -q "^${key}:" %{_sourcedir}/archmap; then

+         echo "ERROR: no archmap entry for $key"

+         exit 1

+     fi

+     arches=$(sed -ne "s/^${key}://p" %{_sourcedir}/archmap)

      for arch in $arches; do

          # replace last part with $arch (fedora-20-primary -> fedora-20-$arch)

          ln -s $keyfile ${keyfile%%-*}-$arch # NOTE: RPM replaces %% with %
@@ -177,6 +187,17 @@ 

  ln -s RPM-GPG-KEY-fedora-%{version}-primary RPM-GPG-KEY-%{version}-fedora

  popd

  

+ # Adjust Rawhide repo files to include Rawhide+1 GPG key.

+ # This is necessary for the period when Rawhide gets bumped to N+1 and packages

+ # start to be signed with a newer key. Without having the key specified in the

+ # repo file, the system would consider the new packages as untrusted.

+ rawhide_next=$((%{rawhide_release}+1))

+ for repo in %{_sourcedir}/fedora-rawhide*.repo; do

+     sed -ir "s@^gpgkey=.*@& file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-${rawhide_next}-\$basearch@" \

+         $repo || exit 1

+ done

+ 

+ # Install repo files

  install -d -m 755 $RPM_BUILD_ROOT/etc/yum.repos.d

  for file in %{_sourcedir}/fedora*repo ; do

    install -m 644 $file $RPM_BUILD_ROOT/etc/yum.repos.d
@@ -198,6 +219,28 @@ 

    %endif

  done

  

+ # make sure the Rawhide+1 key wasn't forgotten to be created

+ rawhide_next=$((%{rawhide_release}+1))

+ if ! test -f $RPM_BUILD_ROOT/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-${rawhide_next}-primary; then

+     echo "ERROR: GPG key for Fedora ${rawhide_next} is not present"

+     exit 1

+ fi

+ 

+ # make sure the Rawhide+1 key is present in Rawhide repo files

+ for repo in $RPM_BUILD_ROOT/etc/yum.repos.d/fedora-rawhide*.repo; do

+     gpg_lines=$(grep '^gpgkey=' $repo)

+     if test -z "$gpg_lines"; then

+         echo "ERROR: No gpgkey= lines in $repo"

+         exit 1

+     fi

+     while IFS= read -r line; do

+         if ! echo "$line" | grep -q "RPM-GPG-KEY-fedora-${rawhide_next}"; then

+             echo "ERROR: Fedora ${rawhide_next} GPG key missing in $repo"

+             exit 1

+         fi

+     done <<< "$gpg_lines"

+ done

+ 

  

  %files

  %dir /etc/yum.repos.d
@@ -236,6 +279,9 @@ 

  

  

  %changelog

+ * Mon Feb 22 2021 Kamil Páral <kparal@redhat.com> - 34-0.14

+ - Sync changes from Rawhide (the rawhide gpg symlink), disable ELN repo

+ 

  * Thu Feb 11 2021 Adam Williamson <awilliam@redhat.com> - 34-0.13

  - Actually enable fedora repo
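Review bot: In the `@@ -177,6 +187,17 @@` hunk, `sed -ir` does not mean `-i -r`: GNU sed reads it as in-place editing with the backup suffix `r`, so each run leaves a `*.repor` copy beside the source file, and the expression needs no extended regex anyway. The loop also edits the files in `%{_sourcedir}` rather than the installed copies, so a second %install run on the same tree appends the N+1 key to every `gpgkey=` line again. The check in the `@@ -198,6 +219,28 @@` hunk would still pass, because it only greps for the key name. I would move the loop after the `install -m 644` step, point it at `$RPM_BUILD_ROOT/etc/yum.repos.d/fedora-rawhide*.repo`, and run `sed -i "s@^gpgkey=.*@& file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-${rawhide_next}-\$basearch@" "$repo" || exit 1`. The install loop's body continues outside the hunk.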

  

Most importantly the RPM-GPG-KEY-fedora-rawhide-primary symlink.

Also disable the ELN repo. This was forgotten during F34 branching.

It is important to submit new gpg keys and symlinks to older releases, so that they can easily upgrade any time.
(Also, we probably don't want the ELN repo to be auto-enabled after installation, judging from F33).

Build succeeded.

I decided to do a big overhaul for Rawhide in https://src.fedoraproject.org/rpms/fedora-repos/pull-request/104 . If you decide to merge it, we can hold off on this PR (and #102 and #103) and I'll update these afterwards. If we have the repo automation change in stable releases, it will be a big simplification for the Mass Branching SOP.

Pull-Request has been merged by humaton

a month ago