On Wednesday, February 10, 2021 2:49:00 PM CET Pavel Raiskup wrote: > On Wednesday, February 10, 2021 12:29:51 AM CET Kevin Fenzi wrote: > > On Tue, Feb 09, 2021 at 06:19:41PM -0500, Mohan Boddu wrote: > > > On Mon, Feb 8, 2021 at 7:18 PM Petr Menšík <pemen...@redhat.com> wrote: > > > > > > > > Hi, > > > > > > > > I were unable to find time in the schedule, at which the new F35 GPG key > > > > would be activated to sign new builds. > > > > > > It will be done a week before mass branching, but we are thinking of > > > doing it a bit earlier to give more time. > > > > I think we should make the f36 key right now and add it to fedora-repos > > and push it out to all branches. Then, when we get to f35 branching, we > > make the f37 key (ie, we stay 6 months ahead). > > > > This way everyone has the new key already and there's no scrambling. > > > > (or this week, doesn't have to be today, just soon) > > Yes please! Something along those lines was proposed before, because it > significantly eases mock maintenance during the branching period. E.g. > now, at the time of F34 branching we already have released > mock-core-configs (check updates-testing) with new F35 configuration and > everything should be working. > > Sure, temporarily, the fedora-34-x86_64 chroot builds against 34 repos > (still equivalent to rawhide), fedora-35-x86_64 config is symlink to > rawhide, and builds against rawhide (still f34). So the only thing users > will observe that 'fedora-rawhide-*' and 'fedora-35-*' are temporarily > producing RPMs with fc34 %dist tag and this will automatically change once > the mirrors are updated. > > It works now because the gpg keys have been generated a bit in advance for > a few last fedora releases (in copr team we try to notify administrators > to do that), but having it 6 months in advance will be better (less rush). > I think we should dump this to the branching policy/howto documents so we > don't have to manually track that. Finally, if we could document there > that updated distribution-gpg-keys and mock-core-configs packages should > be released, it would be an awesome help ...
And we forgot to bump one configuration option in mock-core-configs, which eventually broke the fluent branching process in mock. The related mock failure looks like this: >> [SKIPPED] zlib-1.2.11-24.fc34.x86_64.rpm: Already downloaded >> warning: >> /var/lib/mock/fedora-rawhide-x86_64-bootstrap-1613034650.541875/root/var/cache/dnf/fedora-2d95c80a1fa0a67d/packages/fedora-gpg-keys-35-0.1.noarch.rpm: >> Header V4 RSA/SHA256 Signature, key ID 9867c58f: NOKEY >> fedora 1.6 MB/s | 1.6 kB 00:00 >> GPG key at >> file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-34-primary >> (0x45719A39) is already installed >> fedora 1.6 MB/s | 1.6 kB 00:00 >> GPG key at >> file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-34-primary >> (0x45719A39) is already installed I've just wrapped a new mock-core-configs release which has the fix, and updated the builds in bodhi updates. Sorry for inconvenience, I'm going to mention this in mock documentation so it shouldn't happen next time. Pavel _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
