#7011 Manually sign platform-master module
Closed: Fixed 3 years ago Opened 3 years ago by ralph.

The modular rawhide compose is failing because one of the modules got missed by robosignatory somehow.

scripts/mbs❯ python find-unsigned-modules.py platform-master shim-master host-master installer-master                                    releng/git/unretire 
Using cache file /var/tmp/find-unsigned-modules-cache.dbm
- platform-master-20170831153816 with tag module-04d473e823171085 is not signed.
+ shim-master-20170502110601 with tag module-5d197e359fd3ea1d is signed with a3cc4e62
+ host-master-20170830200108 with tag module-9b25049ee3561681 is signed with a3cc4e62
+ installer-master-20170822180922 with tag module-4ed16bacdadd8f0f is signed with a3cc4e62

This should be fixable by running robosignatory-signmodule module-04d473e823171085 on the autosign box.

/cc @puiterwijk.


If modules are now blocking releases (composes), we need to start doing gated autosigning for modules.
Previously, the modularity team said they're fine with ungated, so a best-effort, autosigning, but if it's now required for the current releases, we should get away from best-effort.

Also, please do note that running that command will result in autosigning being down for an extended period of time.

There was some discussion about whether or not to sign this in #fedora-releng that seems to have wound up in a stalemate.

We definitely need this to be signed in order to pick back up on 27 modular composes. The images should start getting produced as a part of the compose now that the installer content is there.

@puiterwijk's concern in channel was that this would block signing for other content for quite a while. @adamwill wasn't sure whether or not it should happen and @sgallagh was also unsure if @psabata (on PTO) had another build in flight that would obviate this.

I checked - and there is no new platform build currently underway which means we will continue to be blocked on this for the next run of the nightly f27 compose. I recommend executing the manual signing now to get it running "over night" (which is TZ dependent, I know).

I'm not on PTO, I just wasn't around at midnight.

The latest build is indeed platform-master-20170831153816, i.e. module-04d473e823171085. There's no other build in flight, nor is any other component-changing build scheduled for the near future.

OK - checking this morning, and that latest platform-master build is signed now. I assume @puiterwijk did it. Thanks!

I just kicked off https://kojipkgs.fedoraproject.org/compose/Fedora-Modular-27-20170907.n.0/ to see how it goes.

Metadata Update from @ralph:
- Issue close_status updated to: Fixed

3 years ago

Login to comment on this ticket.

Metadata