Unsigned libevent RPM for 9.6 beta / F23

public inbox for [email protected]  
help / color / mirror / Atom feed

Unsigned libevent RPM for 9.6 beta / F23
3+ messages / 2 participants
[nested] [flat]

* Unsigned libevent RPM for 9.6 beta / F23
@ 2016-05-17 06:05  Oskari Saarenmaa <[email protected]>
  0 siblings, 2 replies; 3+ messages in thread

From: Oskari Saarenmaa @ 2016-05-17 06:05 UTC (permalink / raw)
  To: pgsql-pkg-yum

http://yum.postgresql.org/9.6/fedora/fedora-23-x86_64/ currently 
contains an unsigned libevent-2.0.22-1.f23.x86_64.rpm package breaking 
installations when gpg check is requested.

I'm wondering if the package is needed at all on Fedora which provides 
libevent 2.0.21?

Unsigned packages have appeared a couple of times in the repos, would it 
be possible to add a step checking signatures to the publishing process, 
eg something that just runs rpm -K on the rpms.

Thanks,
Oskari

--
Oskari Saarenmaa
Aiven: managed cloud databases
https://aiven.io

-- 
Sent via pgsql-pkg-yum mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-pkg-yum

^ permalink  raw  reply  [nested|flat] 3+ messages in thread

* Re: Unsigned libevent RPM for 9.6 beta / F23
@ 2016-05-17 08:41  Devrim Gündüz <[email protected]>
  parent: Oskari Saarenmaa <[email protected]>
  1 sibling, 0 replies; 3+ messages in thread

From: Devrim Gündüz @ 2016-05-17 08:41 UTC (permalink / raw)
  To: Oskari Saarenmaa <[email protected]>; pgsql-pkg-yum

Hi,

On Tue, 2016-05-17 at 09:05 +0300, Oskari Saarenmaa wrote:
> http://yum.postgresql.org/9.6/fedora/fedora-23-x86_64/ currently 
> contains an unsigned libevent-2.0.22-1.f23.x86_64.rpm package breaking 
> installations when gpg check is requested.

*sigh*.

> I'm wondering if the package is needed at all on Fedora which provides 
> libevent 2.0.21?

Just a newer version, that is all. I agree that it is not a must.

> Unsigned packages have appeared a couple of times in the repos, would it 
> be possible to add a step checking signatures to the publishing process, 
> eg something that just runs rpm -K on the rpms.

Actually the packages cannot be built without signing them first -- at least it
used to be case until Fedora 22.

As of Fedora 22, we enter the passhprase once, and virtually all packages can
be built. The problem is, there is a (IIRC) 30 min timeout for a single
package. If the build takes longer than that, rpmbuild again asks for the
passphrase. If we are late at entering the password, the packages are built w/o
the keys.

For this particular 9.6/F-23 issue you reported, I intentionally built all
packages w/o gpg keys, to skip the issue above, then I'd sign everything
manually. I probably pushed the packages w/o signing them, before leaving home
at 05:30 on Sunday for my flight. Sorry about that.

I pushed signed packages to repo. They will sync to master repo in next hour.

Regards,
-- 
Devrim GÜNDÜZ
Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR

Attachments:

  [application/pgp-signature] signature.asc (819B, 2-signature.asc)
  download

^ permalink  raw  reply  [nested|flat] 3+ messages in thread

* Re: Unsigned libevent RPM for 9.6 beta / F23
@ 2016-06-01 18:45  Devrim Gündüz <[email protected]>
  parent: Oskari Saarenmaa <[email protected]>
  1 sibling, 0 replies; 3+ messages in thread

From: Devrim Gündüz @ 2016-06-01 18:45 UTC (permalink / raw)
  To: Oskari Saarenmaa <[email protected]>; pgsql-pkg-yum


Hi,

On Tue, 2016-05-17 at 09:05 +0300, Oskari Saarenmaa wrote:
> http://yum.postgresql.org/9.6/fedora/fedora-23-x86_64/ currently 
> contains an unsigned libevent-2.0.22-1.f23.x86_64.rpm package breaking 
> installations when gpg check is requested.
> 
> I'm wondering if the package is needed at all on Fedora which provides 
> libevent 2.0.21?
> 
> Unsigned packages have appeared a couple of times in the repos, would it 
> be possible to add a step checking signatures to the publishing process, 
> eg something that just runs rpm -K on the rpms.

Today I found more packages that I did not sign in 9.6 repos. Fixed all.

Regards,
-- 
Devrim GÜNDÜZ
Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR




Attachments:

  [application/pgp-signature] signature.asc (819B, 2-signature.asc)
  download

^ permalink  raw  reply  [nested|flat] 3+ messages in thread

end of thread, other threads:[~2016-06-01 18:45 UTC | newest]

Thread overview: 3+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2016-05-17 06:05 Unsigned libevent RPM for 9.6 beta / F23 Oskari Saarenmaa <[email protected]>
2016-05-17 08:41 ` Devrim Gündüz <[email protected]>
2016-06-01 18:45 ` Devrim Gündüz <[email protected]>

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox