Re: public keys - Craig Ringer

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Craig Ringer <[email protected]>
To: Josserand, Jesse F (NE) <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: public keys
Date: Fri, 20 Nov 2020 10:06:26 +0800
Message-ID: <CAGRY4nyrVSOORjvG5A4ybfN=xuYq8c_5vHGCukQOJSNJy7Uo5w@mail.gmail.com> (raw)
In-Reply-To: <CY1P110MB0520995070ECCAC81E6DA93F96E00@CY1P110MB0520.NAMP110.PROD.OUTLOOK.COM>
References: <CY1P110MB0520995070ECCAC81E6DA93F96E00@CY1P110MB0520.NAMP110.PROD.OUTLOOK.COM>

On Fri, Nov 20, 2020 at 1:12 AM Josserand, Jesse F (NE) <
[email protected]> wrote:

> I’m trying to do a cold yum install of postgresql 12 rpm’s, but do not
> want to use '--nogpgcheck' when doing so.
>
> Where can I get the public keys?
>
> <https://www.teksynap.com/teksynap_signatures/Jesse_Josserand/?vcard=1;
>
>
>
>
>

I don't know what you mean by a "cold" install.

The keys are packaged in the repo-rpms.

$ rpm -ql pgdg-fedora-repo
/etc/pki/rpm-gpg
/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG
/etc/yum.repos.d/pgdg-fedora-all.repo

They're also available from the repository itself:

https://download.postgresql.org/pub/repos/yum/

The key you want is:

$ gpg --fingerprint 1F16D2E1442DF0F8
pub   dsa1024 2008-01-08 [SCA]
      68C9 E2B9 1A37 D136 FE74  D176 1F16 D2E1 442D F0F8
uid           [ unknown] PostgreSQL RPM Building Project <
[email protected]>
sub   elg2048 2008-01-08 [E]

It should probably be published prominently on yum.postgresql.org by key-id
and fingerprint, so it can be verified somewhat independently of the actual
download repos, but AFAICS (
https://www.google.com/search?q=site%3Ayum.postgresql.org+1F16D2E1442DF0F8
) it is not.

so consider filing an issue for that:

https://redmine.postgresql.org/projects/pgrpms/

I also note that nobody's signed the key to attest its validity on the
keyservers. That's not necessarily required for rpms, but might be a good
idea. When I get a chance to verify it with Devrim via a side channel I'll
sign it and push my signature.

view thread (3+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: public keys
  In-Reply-To: <CAGRY4nyrVSOORjvG5A4ybfN=xuYq8c_5vHGCukQOJSNJy7Uo5w@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox