Additionally, please re-sign the current ELN builds with the current (F37) Rawhide key.
When do you need this? (YYYY/MM/DD) As soon as possible, as many packages aren't installable and COPR is being forced to implement a workaround.
When is this no longer needed or useful? (YYYY/MM/DD) This will be needed until the heat death of the universe or the end of Fedora ELN, whichever comes first.
If we cannot complete your request, what is the impact? Unsigned ELN packages will lead to either lower usage or higher risk for those using it.
I can re-sign everything now, but we also need to adjust robosignatory to sign new builds with the new key too (which needs a freeze break).
Does anything need to be adjusted on your composes end? Or can you handle that change?
What are you telling pungi to gather currently? f36 key? or f37 key? or both?
https://pagure.io/fedora-infra/ansible/pull-request/1012
From pungi-fedora
    # Fedora signing keys.
    sigkeys = ['9867c58f', '45719a39', '9570FF31', 'D300E724', '38AB71F4', '5323552a']
I think that's actually F32 through F37.
This needs documentation updates.
Metadata Update from @mohanboddu: - Issue tagged with: docs, medium-gain, medium-trouble, ops
ok. I have signed all currently tagged eln builds with fedora-37 key. Also, robosignatory will sign with fedora-37 key moving forward. You should be able to nuke all the old keys from your compose and compose with just f37 key and it should work. Let me know if it doesn't.
@kevin It looks like you may have missed signing the ELN modules?
    2022-03-25 15:08:52 [DEBUG ] Waiting for signed package to appear for varnish-modules-debugsource-0.15.0-11.module_eln+13661+d462384d
    2022-03-25 15:08:52 [DEBUG ] Waiting for signed package to appear for varnish-modules-0.15.0-11.module_eln+13661+d462384d
    2022-03-25 15:08:52 [DEBUG ] Waiting for signed package to appear for varnish-docs-6.0.9-1.module_eln+13661+d462384d
    2022-03-25 15:08:52 [DEBUG ] Waiting for signed package to appear for varnish-devel-6.0.9-1.module_eln+13661+d462384d
    2022-03-25 15:08:52 [DEBUG ] Waiting for signed package to appear for varnish-docs-6.0.9-1.module_eln+13661+d462384d
    2022-03-25 15:08:52 [DEBUG ] Waiting for signed package to appear for varnish-6.0.9-1.module_eln+13661+d462384d
    2022-03-25 15:08:52 [DEBUG ] Waiting for signed package to appear for varnish-devel-6.0.9-1.module_eln+13661+d462384d
    2022-03-25 15:08:52 [DEBUG ] Waiting for signed package to appear for varnish-modules-debuginfo-0.15.0-11.module_eln+13661+d462384d
    2022-03-25 15:08:52 [DEBUG ] Waiting for signed package to appear for varnish-modules-debugsource-0.15.0-11.module_eln+13661+d462384d
    2022-03-25 15:08:52 [DEBUG ] Waiting for signed package to appear for varnish-modules-0.15.0-11.module_eln+13661+d462384d
I didn't even know eln had modules. ;)
I am not sure how to sign them... perhaps @mohanboddu knows?
I have updated the SOP to make sure that ELN is signed by the rawhide key after branching.
In addition to making sure it's re-signed, we also need to make sure that the tag that DistroBuildSync listens for is updated to match the new Fedora release: https://gitlab.com/redhat/centos-stream/ci-cd/distrosync/distrobuildsync-config/-/blob/main/distrobaker.yaml
I've done it for this release, but in the future this should either be part of the SOP or else I should try to figure out how to auto-detect it.