PR#29: Allow to use newere GPG keys, so Rawhide can be updated after branch. - rpms/fedora-repos

rpms / fedora-repos

#29 Allow to use newere GPG keys, so Rawhide can be updated after branch.

Merged 5 years ago by kevin. Opened 5 years ago by vondruch.

rpms/ vondruch/fedora-repos master into master

Allow to use newer GPG keys, so Rawhide can be updated after branch.

Vít Ondruch • 5 years ago

7fe1864

fedora-repos.spec

file modified

+5 -2

		`@@ -1,14 +1,14 @@`
		`Summary: Fedora package repositories`
		`Name: fedora-repos`
		`Version: 31`
		`- Release: 0.2%{?_module_build:%{?dist}}`
		`+ Release: 0.3%{?_module_build:%{?dist}}`
		`License: MIT`
		`URL: https://fedoraproject.org/`

		`Provides: fedora-repos(%{version})`
		`Requires: system-release(%{version})`
		`Requires: fedora-repos-rawhide = %{version}-%{release}`
		`- Requires: fedora-gpg-keys = %{version}-%{release}`
		`+ Requires: fedora-gpg-keys >= %{version}-%{release}`
		`Obsoletes: fedora-repos-anaconda < 22-0.3`
		`Obsoletes: fedora-repos-modular < 29-0.6`
		`Provides: fedora-repos-modular = %{version}-%{release}`
		`@@ -166,6 +166,9 @@`
		`/etc/ostree/remotes.d/fedora.conf`

		`%changelog`
		`+ * Tue Mar 12 2019 Vít Ondruch <vondruch@redhat.com> - 31-0.3`
		`+ - Allow to use newer GPG keys, so Rawhide can be updated after branch.`
		`+`
		`* Thu Mar 07 2019 Sinny Kumari <skumari@redhat.com> - 31-0.2`
		`- Create fedora-repos-ostree sub-package`

vondruch commented 5 years ago

Currently, the GPG keys have to be updated together with repositories.
But there is no strong relationship between them. After branching, there
has has to be possible to update GPG keys independently, otherwise, it
is not possible to keep updating Rawhide without usign --nogpgcheck or
different "cheating".

Original discussion of fedora-devel:

https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/MFX2JDVANNEW7LWWIBBLYCN6DEPWHSXF/

Signed-off-by: Vít Ondruch vondruch@redhat.com

vondruch commented 5 years ago

This probably should go also into older releases.

ausil commented on line 23 of fedora-repos.spec 5 years ago

there is a typo, here

ausil commented on line 14 of fedora-repos.spec 5 years ago

I do not see how changing this actually changes anything. when updating from one key to a newer key you have to specify --releasever <next int> it is a complex problem to solve as it is all point in time specific.

rebased onto c32479710b717cd3bbc0ee5af0b6c3b026ff1b24

5 years ago

vondruch commented 5 years ago

there is a typo, here

Fixed

I do not see how changing this actually changes anything. when updating from one key to a newer key you have to specify --releasever <next int=""> it is a complex problem to solve as it is all point in time specific.

It is definitely complex issues, but no matter how complex the issue is, the fedora-gpg-keys = %{version}-%{release} is too strict IMO. I can't see any reason, why there shouldn't be installed newer fedora-gpg-keys, which does not precisely correspond to fedora-release version. The fedora-gpg-keys contains just a bunch of files in some directory.

pemensik commented 5 years ago

I have filled bug for the same issue, before I found this merge request. I think also Requires: of fedora-repos-rawhide should be relaxed the same way.

pemensik commented 5 years ago

I do not see how changing this actually changes anything. when updating from one key to a newer key you have to specify --releasever <next int=""> it is a complex problem to solve as it is all point in time specific.

I think there is one missing point. If requires is relaxed, gpg keys could be update in all supported previous versions of Fedora. It would require just update of gpg keys. If that was done on branching, there would be no issue upgrading from any previous release to rawhide, if that was upgraded enough before. --releasever is still far more user friendly than importing GPG key by hand IMO.