Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1kfvoz-0002SK-Gw
	for pgsql-pkg-yum@arkaria.postgresql.org; Fri, 20 Nov 2020 02:06:46 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.92)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1kfvoy-0003Fr-8Y
	for pgsql-pkg-yum@arkaria.postgresql.org; Fri, 20 Nov 2020 02:06:44 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <craig.ringer@enterprisedb.com>)
	id 1kfvox-0003Fk-Qp
	for pgsql-pkg-yum@lists.postgresql.org; Fri, 20 Nov 2020 02:06:44 +0000
Received: from mail-wr1-x431.google.com ([2a00:1450:4864:20::431])
	by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128)
	(Exim 4.92)
	(envelope-from <craig.ringer@enterprisedb.com>)
	id 1kfvos-0001hT-Uf
	for pgsql-pkg-yum@postgresql.org; Fri, 20 Nov 2020 02:06:42 +0000
Received: by mail-wr1-x431.google.com with SMTP id l1so8434440wrb.9
        for <pgsql-pkg-yum@postgresql.org>;
 Thu, 19 Nov 2020 18:06:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=enterprisedb-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=tOJFO6cCa96ZV6JUut6nZfQJ9ny388L+S1/wamwTE+k=;
        b=udM0mtJVrsep2B3BV7JiCDNgzA7QtoWRvHppjXjPuvV4U7WDGevBOPLXefr2/zQ7Dd
         bPaATnysa2FSBwRIiKDXv6ffnZgRtT/yAEzkiLQ0YQyqMQFB2KadYoCx6Y8cFQGTVDTQ
         wcNDlBxmEMTiQoCLeWmnBfihZ1dozUx0sbRrDhiAsBMkxfB/47D/1raUtd7qCYmHtv8O
         pP4//goAnehLyfXBiLiuPPZXey8URxaBYUWSVyIHJ5dk+zGW0SNq5ADEMLckIWUfvOAw
         k3Vb8Gn89P5rurG4O8UqI3jLtzuGSz2OcZFXc/Rxcg3uDO4UQjComdS6nJoJpfo2X62J
         yhmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=tOJFO6cCa96ZV6JUut6nZfQJ9ny388L+S1/wamwTE+k=;
        b=B8upoYVJxFCpx9N60IhXPkdpOifvMly3LTax5nFj03DbLTtoeUcdZWk3FK8Lq+08n0
         kfsGd1Q1pEHKCpvLKUpK8W990VOPRjTqfiIDN6PMCMRGvdtXCQoF1i24eIAD3Zp1MFl1
         2t5h+ATZW/1tH92/wg3JqqYK7B7dZZFw6qNofe0X6E4g+oi+wmLwEp3yYlGG9Ah224dS
         w0So+k0GAoFyNw/4YjqO0l3zD6IqAjaiaoZqdflVeQqoMoiyKo6lWJPQ/5k8hJcBmYNR
         1DTDmKR05K8de6adp9NIMIzhbtwoKS+m2yvtq8J11YN5SJgCe3L32hX3lduXLM02fGJ4
         LERg==
X-Gm-Message-State: AOAM531I3KSBkHl7FFzhRGGFxz8NqRNxomvlh5jwPVk39xbN6ysMUj2Y
	6oKy7Bnyru3DTSFXKn+LrL9kZYZV00fSuBDSuVPotb9+fdV8iCm3itZWvYQ+60YOxeHxQG8EEvA
	bt9mwLzKGgsoC13/Qr3xlPsJt1cPv4ujpMJjTCprbs6szVfGWe6WBV0QKOzU+V7GGweIKr6ox4y
	kCsnkN61f1Txmhf1+pzivKBgtLaW/fmAdplsNnAIC6jLu8NqcRvdyC
X-Google-Smtp-Source: 
 ABdhPJyAW5EYgRL8cEk2Bc0fkuhuwo75t6ijl8lvDcvFZV5JqkliUtfOpwQ2R2Z6KwuurDuuxNmXXOBcsrDs8UdZBMs=
X-Received: by 2002:adf:de85:: with SMTP id w5mr13778898wrl.90.1605837997299;
 Thu, 19 Nov 2020 18:06:37 -0800 (PST)
MIME-Version: 1.0
References: 
 <CY1P110MB0520995070ECCAC81E6DA93F96E00@CY1P110MB0520.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: 
 <CY1P110MB0520995070ECCAC81E6DA93F96E00@CY1P110MB0520.NAMP110.PROD.OUTLOOK.COM>
From: Craig Ringer <craig.ringer@enterprisedb.com>
Date: Fri, 20 Nov 2020 10:06:26 +0800
Message-ID: 
 <CAGRY4nyrVSOORjvG5A4ybfN=xuYq8c_5vHGCukQOJSNJy7Uo5w@mail.gmail.com>
Subject: Re: public keys
To: "Josserand, Jesse F (NE)" <Jesse.Josserand@gdit.com>
Cc: "pgsql-pkg-yum@postgresql.org" <pgsql-pkg-yum@postgresql.org>
Content-Type: multipart/alternative; boundary="00000000000065710c05b4804b7f"
X-CLOUD-SEC-AV-Info: enterprisedb,google_mail,monitor
X-CLOUD-SEC-AV-Sent: true
X-Gm-Spam: 0
X-Gm-Phishy: 0
List-Id: <pgsql-pkg-yum.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-pkg-yum@lists.postgresql.org>
List-Owner: <mailto:pgsql-pkg-yum-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-pkg-yum>
Precedence: bulk

--00000000000065710c05b4804b7f
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Fri, Nov 20, 2020 at 1:12 AM Josserand, Jesse F (NE) <
Jesse.Josserand@gdit.com> wrote:

> I=E2=80=99m trying to do a cold yum install of postgresql 12 rpm=E2=80=99=
s, but do not
> want to use '--nogpgcheck' when doing so.
>
> Where can I get the public keys?
>
> <https://www.teksynap.com/teksynap_signatures/Jesse_Josserand/?vcard=3D1>
>
>
>
>
>

I don't know what you mean by a "cold" install.

The keys are packaged in the repo-rpms.

$ rpm -ql pgdg-fedora-repo
/etc/pki/rpm-gpg
/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG
/etc/yum.repos.d/pgdg-fedora-all.repo

They're also available from the repository itself:

https://download.postgresql.org/pub/repos/yum/

The key you want is:

$ gpg --fingerprint 1F16D2E1442DF0F8
pub   dsa1024 2008-01-08 [SCA]
      68C9 E2B9 1A37 D136 FE74  D176 1F16 D2E1 442D F0F8
uid           [ unknown] PostgreSQL RPM Building Project <
pgsqlrpms-hackers@pgfoundry.org>
sub   elg2048 2008-01-08 [E]

It should probably be published prominently on yum.postgresql.org by key-id
and fingerprint, so it can be verified somewhat independently of the actual
download repos, but AFAICS (
https://www.google.com/search?q=3Dsite%3Ayum.postgresql.org+1F16D2E1442DF0F=
8
) it is not.

so consider filing an issue for that:

https://redmine.postgresql.org/projects/pgrpms/

I also note that nobody's signed the key to attest its validity on the
keyservers. That's not necessarily required for rpms, but might be a good
idea. When I get a chance to verify it with Devrim via a side channel I'll
sign it and push my signature.

--00000000000065710c05b4804b7f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">On Fri, Nov 20, 2020 at 1:12 AM Josserand=
, Jesse F (NE) &lt;<a href=3D"mailto:Jesse.Josserand@gdit.com">Jesse.Josser=
and@gdit.com</a>&gt; wrote:<br></div><div class=3D"gmail_quote"><blockquote=
 class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px so=
lid rgb(204,204,204);padding-left:1ex">





<div lang=3D"EN-US">
<div class=3D"gmail-m_-1255492706626799586WordSection1">
<p class=3D"MsoNormal">I=E2=80=99m trying to do a cold yum install of postg=
resql 12 rpm=E2=80=99s, but do not want to use &#39;--nogpgcheck&#39; when =
doing so.<u></u><u></u></p>
<p class=3D"MsoNormal">Where can I get the public keys?<u></u><u></u></p>
<table style=3D"width:6.25in;border-collapse:collapse" width=3D"0" cellspac=
ing=3D"0" cellpadding=3D"0" border=3D"0"><tbody><tr><td style=3D"width:370.=
5pt;padding:0.75pt" width=3D"492"><table style=3D"width:96.75pt;border-coll=
apse:collapse" width=3D"0" cellspacing=3D"0" cellpadding=3D"0" border=3D"0"=
><tbody><tr><td style=3D"width:48pt;padding:0.75pt" width=3D"66"><p class=
=3D"MsoNormal"><a href=3D"https://www.teksynap.com/teksynap_signatures/Jess=
e_Josserand/?vcard=3D1" title=3D"Save vCard" target=3D"_blank"><span style=
=3D"font-size:8.5pt;color:rgb(68,68,68);text-decoration:none"></span></a><s=
pan style=3D"font-size:8.5pt"><u></u><u></u></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div></div></blockquote><div><br></div><div>I don&#39;t know what you mean=
 by a &quot;cold&quot; install.</div><div><br></div><div>The keys are packa=
ged in the repo-rpms.</div><div><br></div><div>$ rpm -ql pgdg-fedora-repo <=
br>/etc/pki/rpm-gpg<br>/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG<br>/etc/yum.repos.=
d/pgdg-fedora-all.repo</div><div><br></div><div>They&#39;re also available =
from the repository itself:<br></div><div><br></div><div><a href=3D"https:/=
/download.postgresql.org/pub/repos/yum/">https://download.postgresql.org/pu=
b/repos/yum/</a></div><div><br></div><div>The key you want is:</div><div><b=
r></div><div>$ gpg --fingerprint 1F16D2E1442DF0F8<br>pub =C2=A0 dsa1024 200=
8-01-08 [SCA]<br>=C2=A0 =C2=A0 =C2=A0 68C9 E2B9 1A37 D136 FE74 =C2=A0D176 1=
F16 D2E1 442D F0F8<br>uid =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 [ unknown] Pos=
tgreSQL RPM Building Project &lt;<a href=3D"mailto:pgsqlrpms-hackers@pgfoun=
dry.org">pgsqlrpms-hackers@pgfoundry.org</a>&gt;<br>sub =C2=A0 elg2048 2008=
-01-08 [E]<br><br></div><div>It  should probably be published prominently o=
n <a href=3D"http://yum.postgresql.org">yum.postgresql.org</a> by key-id an=
d fingerprint, so it can be verified somewhat independently of the actual d=
ownload repos, but AFAICS ( <a href=3D"https://www.google.com/search?q=3Dsi=
te%3Ayum.postgresql.org+1F16D2E1442DF0F8">https://www.google.com/search?q=
=3Dsite%3Ayum.postgresql.org+1F16D2E1442DF0F8</a> ) it is not.<br></div><di=
v><br></div><div>so consider filing an issue for that:</div><div><br></div>=
<div><a href=3D"https://redmine.postgresql.org/projects/pgrpms/">https://re=
dmine.postgresql.org/projects/pgrpms/</a></div><div><br></div><div>I also n=
ote that nobody&#39;s signed the key to attest its validity on the keyserve=
rs. That&#39;s not necessarily required for rpms, but might be a good idea.=
 When I get a chance to verify it with Devrim via a side channel I&#39;ll s=
ign it and push my signature.<br></div></div></div>

--00000000000065710c05b4804b7f--