[opensuse-project] Packman repository migration: done
What happened earlier about the broken repository signature: we
simply forgot to update the signature after creating the
metadata (it's a bit more complex, but in essence, it's what
happened).
This is fixed now, and all mirrors [1] should be up-to-date with
correct signatures.
Most of you who have been using the Packman repository for some
time probably remember the hassle that YaST and zypper were
always complaining about "NOKEY" on the packages.
The reason was that our packages were signed with a different
key than the repository metadata.
Zypper and YaST have a mechanism to import keys when you refresh
a repository for the first time: it's when it prompts you
whether you want to accept that key temporarily/always/etc...
The problem for Packman is that it imports the key
(repodata/repomd.xml.key) that is used to sign the repository
metadata (repodata/repomd.xml.asc), but it doesn't have any
mechanism to also import another key that is used to sign the
RPM files (the signatures are inside the RPM files).
Now we implemented a mechanism to re-sign the packages with the
same key as the one used for the repository metadata and, hence,
there won't be any "NOKEY" warnings nor any need to install the
package "rpmkey-packman" any more.
On a side note, here is the relevant data about that key:
* it's a 4096 RSA key
* Key ID: 45A1D0671ABD1AFB
(shows up as ID "1ABD1AFB" in RPM)
* Key Name: PackMan Project (signing key)
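An added example (not part of the original post or of Packman's tooling): it reads the issuer key ID out of a detached OpenPGP signature such as repodata/repomd.xml.asc and checks whether the key ID RPM reports for a package belongs to the same key. The function names and the sample signature packet are constructed for illustration; the sample carries a dummy signature value and only the key ID from the post.

```python
import base64

def dearmor(asc):
    """Return the binary packet inside an ASCII-armored block (CRC line ignored)."""
    lines = asc.strip().splitlines()
    body = lines[lines.index("") + 1:-1]      # after armor headers, before END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def subpackets(area):
    """Yield (type, data) for each signature subpacket (RFC 4880, 5.2.3.1)."""
    i = 0
    while i < len(area):
        n, i = area[i], i + 1
        if 192 <= n < 255:                    # two-octet length
            n, i = ((n - 192) << 8) + area[i] + 192, i + 1
        elif n == 255:                        # five-octet length
            n, i = int.from_bytes(area[i:i + 4], "big"), i + 4
        yield area[i] & 0x7F, area[i + 1:i + n]   # mask off the "critical" bit
        i += n

def issuer_key_id(pkt):
    """64-bit issuer key ID (hex) of a v4 signature packet, old-format header."""
    if pkt[0] & 0xC0 != 0x80 or (pkt[0] >> 2) & 0x0F != 2:
        raise ValueError("not an old-format signature packet")
    body = pkt[1 + (1, 2, 4, 0)[pkt[0] & 3]:]     # skip tag and length octets
    if body[0] != 4:
        raise ValueError("only v4 signatures are handled here")
    hlen = int.from_bytes(body[4:6], "big")       # hashed subpacket area length
    ulen = int.from_bytes(body[6 + hlen:8 + hlen], "big")
    for area in (body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]):
        for typ, data in subpackets(area):
            if typ == 16:                         # Issuer subpacket
                return data.hex().upper()
    raise ValueError("no issuer subpacket")

def signed_by_metadata_key(repomd_asc, rpm_key_id):
    """True if the key ID RPM shows for a package matches the metadata signer.
    An 8-digit match covers only the low 32 bits; confirm the fingerprint too."""
    return issuer_key_id(dearmor(repomd_asc)).endswith(rpm_key_id.upper())

def sample_asc(key_id):
    """Constructed armored v4 signature packet with a dummy signature value."""
    body = (bytes([4, 0, 1, 2]) + b"\x00\x06\x05\x02" + bytes(4)
            + b"\x00\x0a\x09\x10" + bytes.fromhex(key_id)
            + bytes(2) + b"\x00\x08\xff")
    pkt = bytes([0x88, len(body)]) + body
    return ("-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(pkt).decode()
            + "\n-----END PGP SIGNATURE-----\n")

SAMPLE = sample_asc("45A1D0671ABD1AFB")           # key ID quoted in the post
```

A package whose reported key ID does not match the metadata issuer is the situation that produced the "NOKEY" warnings described above.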
On 03/11/2011 02:49 AM, Pascal Bleser wrote:
What happened earlier about the broken repository signature: we simply forgot to update the signature after creating the metadata (it's a bit more complex, but in essence, it's what happened).
This is fixed now, and all mirrors [1] should be up-to-date with correct signatures.
Most of you who have been using the Packman repository for some time probably remember the hassle that YaST and zypper were always complaining about "NOKEY" on the packages. The reason was that our packages were signed with a different key than the repository metadata. Zypper and YaST have a mechanism to import keys when you refresh a repository for the first time: it's when it prompts you whether you want to accept that key temporarily/always/etc...
The problem for Packman is that it imports the key (repodata/repomd.xml.key) that is used to sign the repository metadata (repodata/repomd.xml.asc), but it doesn't have any mechanism to also import another key that is used to sign the RPM files (the signatures are inside the RPM files).
Now we implemented a mechanism to re-sign the packages with the same key as the one used for the repository metadata and, hence, there won't be any "NOKEY" warnings nor any need to install the package "rpmkey-packman" any more.
On a side note, here is the relevant data about that key:
* it's a 4096 RSA key
* Key ID: 45A1D0671ABD1AFB
(shows up as ID "1ABD1AFB" in RPM)
* Key Name: PackMan Project (signing key)
* Key Fingerprint: F8875B880D518B6B8C530D1345A1D0671ABD1AFB
* Key Created: Mon Sep 20 20:37:32 2010
* Key Expires: Fri Sep 19 20:37:11 2014
Apart from that, Marc Schiffbauer and I finished implementing a mechanism to prevent mirrors from pulling files while our OBS instance is pushing files into the same tree, which has led to repositories being a bit corrupt/incomplete over the past week.
As already explained, if you're missing a package that used to be in the Packman repository but isn't any more, please poke us (gently ;)) at packman@links2linux.de
[1] http://packman.links2linux.org/MIRRORS.html
cheers
High congrats for that awesome work, and for making openSUSE one of the easiest and most complete distributions!
--
Bruno Friedmann
Ioda-Net Sàrl www.ioda-net.ch
openSUSE Member & Ambassador
GPG KEY : D5C9B751C4653227
irc: tigerfoot
--
To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-project+help@opensuse.org
On Friday 11 March 2011 14:20:53 Bruno Friedmann wrote:
High congrats for that awesome work, and for making openSUSE one of the easiest and most complete distributions!
Yes indeed, many thanks for the hard work and late nights you've put in this last while.
Graham
On 11-03-11 15:59, Graham Anderson wrote:
On Friday 11 March 2011 14:20:53 Bruno Friedmann wrote:
High congrats for that awesome work, and for making openSUSE one of the easiest and most complete distributions!
Yes indeed, many thanks for the hard work and late nights you've put in this last while.
Graham
It has been the least hassle ever: Everything just works.... hmmmm ;-)
--
Enjoy your time around,
Oddball (M9.)
(Now or never...)
OS: Linux 2.6.37.1-1.2-desktop x86_64
Current user: oddball@AMD64x2sfn1
System: openSUSE 11.4 (x86_64)
KDE: 4.6.00 (4.6.0) "release 6"
Thank you guys for taking your efforts beyond frontiers and giving us a smooth and pleasant time with our favorite operating system and applications (updated).
Best,
--
Ricardo Chung | openSUSE Linux Ambassador Panama
Testing: openSUSE 11.4 RC 2 | KDE 4.6.00 release 6 | Mesa-Nouveau 3D Gallium 7.10
participants (5)
- Bruno Friedmann
- Graham Anderson
- Oddball
- Pascal Bleser
- Ricardo Chung