Re: [packman] Project signing key cannot be extended on PMBS - Bug?
Hi Stefan, On Wed, 14 Oct 2020, 13:32:47 +0200, Stefan Botter wrote: > Hi Manfred, > > Am Mittwoch, den 14.10.2020, 10:36 +0200 schrieb Manfred Hollstein: > > yesterday I got the message from "zypper ref -f" that my project > > signing > > key on PMBS will expire in 8 days. I then used the following command > > to > > extend the key's lifetime: > > > > osc -A pmbs signkey --extend home:manfred.h > > > > where "pmbs" is an alias for "https://pmbs-api.links2linux.de; in my > > ~/.oscrc > > > > Although running that command resulted in > > > > > > > > it didn't appear to have changed anything as "zypper ref -f" today now > > shows this for my key: > > > > The gpg key signing file 'repomd.xml' will expire in 7 days. > > Repository: home:manfred.h:pmbs.obs > > Key Name: home:manfred.h OBS Project > manfre...@packman.links2linux.de> > > Key Fingerprint: 7D2E3C09 B9D9BE6A 10EEA70D BEBA8597 97A18328 > > Key Created: Mon Aug 13 15:16:23 2018 > > Key Expires: Wed Oct 21 15:16:23 2020 (expires in 7 days) > > Rpm Name: gpg-pubkey-97a18328-5b7184a7 > > > > @Stefan, can you please check if key managemend in PMBS works as > > expected? > > Yes, apart from the reported problem with MakeMKV there should be no > other problem - at least I hope so :) > > GPG key handling in OBS should be automatic, usually there is no need to > manually extend the key lifetime - as far as I know, and have gathered > from OBS developers, mailinglist and IRC chat. > Upon publishing of new packages the repository is recreated. If the GPG > key is expired (or perhaps near expiring - IDK), the key's lifetime is > extended, and the repo is signed with the extended key. > > Of course you can manually extend the key for your repo, and you did so > successfully. Have a look at > https://pmbs.links2linux.de/project/show/home:manfred.h > and click on the "GPG Key / SSL Certificate" link. This will show you > the expiry date of Dec 23rd, 2022, and gives your the opportunity to > download the public key. > > Your repository on the other hand is still signed with the "old"/non- > extended key. Once a package is rebuild and published - the package has > to be changed(!) - the repo is signed with the extended key. > This behavior is probably a shortcoming in OBS, but usually - normally - > actually - erm, how should I phrase this - packages inside a repo are > "live", and there is no week going by without changes to packages in > repos :) so you will not approach the problem with an expiring key. > It happens, though, when you have a repo with more or less static > packages inside, which do not get updated or changed due to rebuilds. thanks a lot for the great explanation! Indeed, I mostly use my repo to check newer Kodi based stuff, which apparently happened quite some time ago... > Submit a "nonsense" package, let it build and publish, and delete the > package. Then your repo will be signed with the extended key. Will do so! Thanks again for your great work! > Greetings, > > Stefan Cheers. l8er manfred signature.asc Description: PGP signature ___ Packman mailing list Packman@links2linux.de http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
Re: [packman] Project signing key cannot be extended on PMBS - Bug?
Hi Manfred, Am Mittwoch, den 14.10.2020, 10:36 +0200 schrieb Manfred Hollstein: > yesterday I got the message from "zypper ref -f" that my project > signing > key on PMBS will expire in 8 days. I then used the following command > to > extend the key's lifetime: > > osc -A pmbs signkey --extend home:manfred.h > > where "pmbs" is an alias for "https://pmbs-api.links2linux.de; in my > ~/.oscrc > > Although running that command resulted in > > > > it didn't appear to have changed anything as "zypper ref -f" today now > shows this for my key: > > The gpg key signing file 'repomd.xml' will expire in 7 days. > Repository: home:manfred.h:pmbs.obs > Key Name: home:manfred.h OBS Project manfre...@packman.links2linux.de> > Key Fingerprint: 7D2E3C09 B9D9BE6A 10EEA70D BEBA8597 97A18328 > Key Created: Mon Aug 13 15:16:23 2018 > Key Expires: Wed Oct 21 15:16:23 2020 (expires in 7 days) > Rpm Name: gpg-pubkey-97a18328-5b7184a7 > > @Stefan, can you please check if key managemend in PMBS works as > expected? Yes, apart from the reported problem with MakeMKV there should be no other problem - at least I hope so :) GPG key handling in OBS should be automatic, usually there is no need to manually extend the key lifetime - as far as I know, and have gathered from OBS developers, mailinglist and IRC chat. Upon publishing of new packages the repository is recreated. If the GPG key is expired (or perhaps near expiring - IDK), the key's lifetime is extended, and the repo is signed with the extended key. Of course you can manually extend the key for your repo, and you did so successfully. Have a look at https://pmbs.links2linux.de/project/show/home:manfred.h and click on the "GPG Key / SSL Certificate" link. This will show you the expiry date of Dec 23rd, 2022, and gives your the opportunity to download the public key. Your repository on the other hand is still signed with the "old"/non- extended key. Once a package is rebuild and published - the package has to be changed(!) - the repo is signed with the extended key. This behavior is probably a shortcoming in OBS, but usually - normally - actually - erm, how should I phrase this - packages inside a repo are "live", and there is no week going by without changes to packages in repos :) so you will not approach the problem with an expiring key. It happens, though, when you have a repo with more or less static packages inside, which do not get updated or changed due to rebuilds. Submit a "nonsense" package, let it build and publish, and delete the package. Then your repo will be signed with the extended key. Greetings, Stefan -- Stefan Botter zu Hause Bremen signature.asc Description: This is a digitally signed message part ___ Packman mailing list Packman@links2linux.de http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
[packman] PMBS hickup, was: Re: MakeMKV
Hi Olaf, an all packmans, Am Montag, den 12.10.2020, 20:09 +0200 schrieb Olaf Hering: > Am Mon, 12 Oct 2020 19:34:18 +0200 > schrieb Grozdan : > > > I'm the maintainer of the MakeMKV package. Today I accidentally > > deleted this project and am not able to add it again to Multimedia. > > PMBS is apparently slightly broken since a few days: Yes, indeed. There was a problem with the network adapters of the Synology DS620slim I am using as storage backend. Last Saturday around 5:08 a.m. CEST the network driver reported being stuck (RTL8168 - el cheapo...). This lead to all my VMs being diskless. I could revive them, but did not notice the problems my two OBS instances were having. > osc undelete -m undelete Multimedia MakeMKV > Server returned an error: HTTP Error 400: Bad Request > /srv/obs/events/lastevents: bad last line at > /usr/lib/obs/server/BSFileDB.pm line 269. The "lastevents" and "lastnotifications" files were corrupted, I have fixed them. Unfortunately the MakeMKV package seems to have been lost, an undelete is not possible, although I can see the packages files still on disk. I notice a rather new branch (8 days old) at home:Aloysius:branches:Multimedia, perhaps we can salvage the package from this branch? Olaf, do you know what to do here? If all fails, I can restore PMBS to the latest backup prior to the problems, that would be sometime around Saturday, 02:38 a.m. That would take a while to recover, as the backup is at home, and I have only a 50MBit/s uplink ... Greetings, Stefan -- Stefan Botter zu Hause Bremen signature.asc Description: This is a digitally signed message part ___ Packman mailing list Packman@links2linux.de http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
Re: [packman] [PM] ffmpeg-4 4.3.1-6.8 (openSUSE Tumbleweed/x86_64)
Am Wed, 14 Oct 2020 10:16:27 +0200 schrieb Wolfgang Bauer : > add back ffmpeg-4.2 This is something we should consider once PMBS is fully functional again. Before doing that it has to determined what ABI (not just the SONAME) the 3rd party binary packages expect. Olaf pgpuXfzzJSvi1.pgp Description: Digitale Signatur von OpenPGP ___ Packman mailing list Packman@links2linux.de http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
[packman] Project signing key cannot be extended on PMBS - Bug?
Hi there, yesterday I got the message from "zypper ref -f" that my project signing key on PMBS will expire in 8 days. I then used the following command to extend the key's lifetime: osc -A pmbs signkey --extend home:manfred.h where "pmbs" is an alias for "https://pmbs-api.links2linux.de; in my ~/.oscrc Although running that command resulted in it didn't appear to have changed anything as "zypper ref -f" today now shows this for my key: The gpg key signing file 'repomd.xml' will expire in 7 days. Repository: home:manfred.h:pmbs.obs Key Name: home:manfred.h OBS Project Key Fingerprint: 7D2E3C09 B9D9BE6A 10EEA70D BEBA8597 97A18328 Key Created: Mon Aug 13 15:16:23 2018 Key Expires: Wed Oct 21 15:16:23 2020 (expires in 7 days) Rpm Name: gpg-pubkey-97a18328-5b7184a7 @Stefan, can you please check if key managemend in PMBS works as expected? TIA, cheers. l8er manfred signature.asc Description: PGP signature ___ Packman mailing list Packman@links2linux.de http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
Re: [packman] [PM] ffmpeg-4 4.3.1-6.8 (openSUSE Tumbleweed/x86_64)
Am Montag, 12. Oktober 2020, 20:44:47 schrieb Olaf Hering: > Am Mon, 12 Oct 2020 10:24:04 +0200 > > schrieb "w.pelser" : > > missing link from libavutil56 to libavutil56_51 > > In case such issue still exists, it must be addressed in Tumbleweed instead > of PMBS. Although, I think that link is "missing" intentionally. The point of renaming the libs (to libavcodec58_91, libavutil56_51 and similar) in the first place was that they are *not* fully compatible with libavcodec58, libavutil56 and so on, AIUI. Adding a symlink would basically revert that change, and it would be easier to just remove the patch (that renames the libs) then from the openSUSE package again. Installing the libs from ffmpeg-3 (libavcodec57 and libavutil55 e.g., which are still available on Packman) should help here as well though, at least if the affected applications still support them (Firefox at least does). In the case of self-compiled stuff, you might just have to recompile it against openSUSE's (or Packman's for that matter) ffmpeg 4.3. A different solution I suppose would probably be to also add back ffmpeg-4.2 to openSUSE and/or Packman for compatibility. Kind Regards, Wolfgang ___ Packman mailing list Packman@links2linux.de http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
