#77 Update F32 with working architecture specific keys
Closed 2 years ago by pemensik. Opened 2 years ago by pemensik.
rpms/ pemensik/fedora-repos f32  into  f32

file modified
+3
@@ -1,9 +1,11 @@ 

  fedora-7-primary: i386 x86_64 ppc ppc64

  

  fedora-8-primary: i386 x86_64 ppc ppc64

+ fedora-8-primary-original:

  

  fedora-9-primary: i386 x86_64 ppc ppc64

  fedora-9-secondary: ia64

+ fedora-9-primary-original:

  

  fedora-10-primary: i386 x86_64 ppc ppc64

  
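Review bot: the two added entries, `fedora-8-primary-original:` and `fedora-9-primary-original:`, have an empty architecture list, and nothing in the file says that is deliberate. Every other entry visible in this hunk lists at least one architecture, so a reader cannot tell an intentionally empty entry from a forgotten one. State in the commit message (or in a comment next to the entries, if the archmap format allows one) that these keys get no per-architecture links on purpose.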
@@ -60,6 +62,7 @@ 

  fedora-28-primary: i386 x86_64 armhfp aarch64 ppc64 ppc64le s390x

  

  fedora-29-primary: i386 x86_64 armhfp aarch64 ppc64 ppc64le s390x

+ fedora-modularity:

  

  fedora-30-primary: i386 x86_64 armhfp aarch64 ppc64le s390x

  

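Review bot: `fedora-modularity:` is inserted between `fedora-29-primary` and `fedora-30-primary`, in a list that is otherwise ordered by release number. An unversioned key in the middle of the per-release entries is easy to overlook and easy to copy by pattern when the next release line is added. Consider grouping unversioned keys in one place, for example at the end of the file.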
file modified
+20 -2
@@ -14,6 +14,8 @@ 

  Obsoletes:      fedora-repos-modular < 29-0.6

  Provides:       fedora-repos-modular = %{version}-%{release}

  BuildArch:      noarch

+ # Required by %%check

+ BuildRequires:  gnupg

  

  Source1:        archmap

  Source2:        fedora.repo
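Review bot: the comment `# Required by %%check` above the new `BuildRequires:  gnupg` names a section that this patch never opens. The gpg call added further down sits directly after the `install -m 644 ...` lines and before `%files`, with no `%check` line added. Either add a `%check` header above that block or reword the comment to say where gpg is actually used.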
@@ -150,8 +152,11 @@ 

  ln -s RPM-GPG-KEY-fedora-%{rawhide_release}-primary RPM-GPG-KEY-fedora-eln-primary

  for keyfile in RPM-GPG-KEY*; do

      key=${keyfile#RPM-GPG-KEY-} # e.g. 'fedora-20-primary'

-     arches=$(sed -ne "s/^${key}://p" %{_sourcedir}/archmap) \

-         || echo "WARNING: no archmap entry for $key"

+     if ! grep -q "^${key}:" %{_sourcedir}/archmap; then

+         echo "ERROR: no archmap entry for $key"

+         exit 1

+     fi

+     arches=$(sed -ne "s/^${key}://p" %{_sourcedir}/archmap)

      for arch in $arches; do

          # replace last part with $arch (fedora-20-primary -> fedora-20-$arch)

          ln -s $keyfile ${keyfile%%-*}-$arch # NOTE: RPM replaces %% with %
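Review bot: the new `grep -q "^${key}:"` test only proves that a line for the key exists, so an entry whose architecture list was left empty by mistake still passes and the `for arch in $arches` loop silently creates no links. If an empty list is meant to be legal only for a few keys, consider failing, or at least warning, when `$arches` is empty for the others. Two smaller points: send the `ERROR:` message to stderr with `>&2`, and note that `$key` is interpolated into a regular expression, which works for the key names shown here but would misbehave if a name ever contained a regex metacharacter.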
@@ -171,6 +176,19 @@ 

  install -m 644 %{_sourcedir}/fedora.conf $RPM_BUILD_ROOT/etc/ostree/remotes.d/

  install -m 644 %{_sourcedir}/fedora-compose.conf $RPM_BUILD_ROOT/etc/ostree/remotes.d/

  

+ # Check the builder is on supported architectures

+ TMPRING=$(mktemp)

+ ARCH=$(arch)

+ case "$ARCH" in

+   i?86)   BASEARCH=i386 ;;

+   armv?l) BASEARCH=armhfp ;;

+   *)      BASEARCH=$ARCH ;;

+ esac

+ for VER in %{version} %{rawhide_release}; do

+   gpg --no-default-keyring --keyring="$TMPRING" \

+     --import $RPM_BUILD_ROOT%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-fedora-${VER}-$BASEARCH

+ done

+ rm -f "$TMPRING"

  %files

  %dir /etc/yum.repos.d

  %config(noreplace) /etc/yum.repos.d/fedora.repo
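Review bot: the import test in the `for VER in %{version} %{rawhide_release}` loop only exercises the link for the architecture the build happens to run on, and the spec declares `BuildArch:      noarch`, so a missing link for any other architecture goes unnoticed. archmap already lists the architectures per key, so the loop could iterate over those instead of deriving a single `BASEARCH` from `$(arch)`. Also, `--no-default-keyring --keyring="$TMPRING"` still leaves gpg using the build user's default home directory for its other state, and `rm -f "$TMPRING"` is skipped if the import aborts the script; a throwaway `--homedir` created with `mktemp -d` and removed through a `trap` would keep the check self-contained. Finally, the comment says the block checks that the builder is on a supported architecture, while the lines test-import a key, so the comment should describe that.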

I think by mistake only fedora-34-primary was added to fedora-gpg-keys package. Add also platform specific links to new package.

rebased onto 3f095b06312620fe4edc065aa85c05fce0674be1

2 years ago

rebased onto 5c0d907eebe0e1206d5728a97dd7e4358ba72fb5

2 years ago

rebased onto 000c5d5

2 years ago

Rebased. Added also new f35 record, it was missing again.
Of course, f33 and rawhide branches miss arch record as well, needs modification.

Build succeeded.

f35 is missing on purpose, we don't branch until tomorrow... so f35 doesn't exist... yet.

rebased onto cd5b04f

2 years ago

Build succeeded.

What is the purpose of missing arch keys, @kevin? It would fail again if f35 is branched before all stable releases also get arch links with the key. IMO new key addition is independent of branching itself. Rawhide CANNOT use the new f35 key until it is available on stable branches.

How is the new key activation different from branching?

3 new commits added

  • Do test import of gpg arch key
  • Add f35 key to all archs
  • Prevent accidental empty list of architectures
2 years ago

Build succeeded.

1 new commit added

  • Workaround on platforms, where $basearch != $(arch)
2 years ago

Build succeeded.

What is the purpose of missing arch keys, @kevin? It would fail again if f35 is branched before all stable releases also get arch links with the key. IMO new key addition is independent of branching itself. Rawhide CANNOT use the new f35 key until it is available on stable branches.

I agree, the keys should be created in advance. In https://pagure.io/releng/issue/7445 (PRs to be created once branching is over), I suggest creating them one release in advance, i.e. including an F36 key when Rawhide becomes F35. It will make upgrade processes smoother and it should eliminate the need for "transition periods" or --nogpgcheck during Rawhide upgrades.

Yes, please. I believe Mohan forgot to update archmap when adding the F35 key in https://src.fedoraproject.org/rpms/fedora-repos/c/741f93f2edd92c0efd7241d965aa94bbe1bc14f5?branch=rawhide . If we change this to be an error, similar mistakes can no longer happen. (I actually wanted to make the same change as part of my own PR, but I see it's already included here).

FYI, I made the changes to F35 archmap as it's needed ASAP.

rebased onto 92de610

2 years ago

Build succeeded.

It is too late to update f32, it would not receive any update. I am closing this update.

Pull-Request has been closed by pemensik

2 years ago