New subject: [opensuse] Re: gpg-pubkeys missing 'Distribution'

7 Jun 2009

      I was looking at the distro's and 'arch's for packages installed on one of my 
systems.  The system started out as a '32bit', i586-based system, but was 
upgraded to x86_64 later in life.

To check that I have no old-arch packages, I printed out dist's and arch's
using:

rpm -qa --qf '%-25{distribution} (%{arch}) : %{n}-%{V}-%{R}\n'

Only one package showed had a 'binary' (not 'noarch') arch "mismatch" --
a package left over from 10.2:
   openSUSE 10.2 (i686)           (i686) : db-4.4.20-16

No...that's not a 'double-arch' printing -- it's a pre-11.1 "bug" where
some packages contained an 'arch' string embedded in the distribution name.

Most the 'arch's agree (sorta) and make no diff, like:

   openSUSE 10.2 (X86-64)    (x86_64) : nttcp-1.47-151
   openSUSE 10.3 (X86-64)    (x86_64) : apcupsd-3.14.1-33
   openSUSE 11.0 (X86-64)    (x86_64) : acpiw-0.75-574.1

(i.e. 10.2, 10.3 and 11.0 had packages with an 'almost correct', but
'bogus' 'arch' embedded in the distribution name ("X86-64" != "x86_64").

A few had mismatching, confused values, mostly fonts/cursors:
   openSUSE 10.2 (i586)      (noarch) : agfa-fonts-2003.03.19-51
   openSUSE 11.0 (i586)      (noarch) : Crystalcursors-0.5-197.1
   openSUSE 11.0 (i586)      (noarch) : bitstream-vera-1.10-278.1

Some script-lang packages, like:
   openSUSE 10.3 (i586)      (noarch) : yast2-devtools-2.15.9-6
   openSUSE 11.0 (i586)      (noarch) : bootchart-0.9-221.1

But this is a weird one (as it is inconsistent, but better than
the others that it is inconsistent with):
   openSUSE 11.0 (i586)      (noarch) : suse-build-key-1.0-855.1

It's a build key -- but is it only for signing i586 packages? Not sure
what was meant, but among "keys", it's the only one with ANY sort of
indication of what "Distribution" it was 'for', or was valid for signing.

The other 'gpg' keys, all have NO dist and, using the above mentioned
rpm query, print out as:
(none)                    ((none)) : gpg-pubkey-0dfb3188-41ed929b
(none)                    ((none)) : gpg-pubkey-307e3d54-44201d5d
(none)                    ((none)) : gpg-pubkey-307e3d54-481f30aa
(none)                    ((none)) : gpg-pubkey-3d25d3d9-36e12d04
(none)                    ((none)) : gpg-pubkey-3dbdc284-49144c3f
(none)                    ((none)) : gpg-pubkey-56b4177a-47965b33
(none)                    ((none)) : gpg-pubkey-7e2e3b05-44748aba
(none)                    ((none)) : gpg-pubkey-7e2e3b05-4816488f
(none)                    ((none)) : gpg-pubkey-9c800aca-40d8063e
(none)                    ((none)) : gpg-pubkey-9c800aca-481f343a
(none)                    ((none)) : gpg-pubkey-a1912208-446a0899

--------

So how do I tell what distro's the keys are good for signing?
How do I tell which are for old 'distro's, that I no longer want
to have enabled for "signed" installing?  I.e. I might like rpm tell me that 
'old-distro rpms', aren't signed with the "latest", released,
Distro key(s).  Why would I have so many keys installed?  I think
the first distribution installed on here was 10.2(i586), upgraded
'arch' (w/10.2(x86_64), 10.3, 11.0 and now, 11.1.

Theoretically, one could have 1 signing key/distribution (1 key being good for 
all archs), so I could have as few as 4 keys if things were 'optimal', or 5 keys 
if they signed different binary archs separately.
But why 11 keys?  Maybe oss vs. non-oss packages?  That would yield
8 or 10 (presuming I had non-oss packages installed from each of my
4 distros (or 5 binary distros). Whatever...

The point is -- how can one tell if they keys don't say what Distribution they 
were shipped with?

It's pointless, I believe to attempt to go back and issue patches for
all the pre-11.2 signing key packages so the distro-names would be included, but 
would it be a good idea (and possible) to include
the distributions in 11.2 (and beyond?)

Linda
-- 
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org

[opensuse] gpg-pubkeys missing 'Distribution'

Linda Walsh

Anders Johansson

Linda Walsh

Marcus Meissner

Anders Johansson

Carlos E. R.

Rajko M.

Carlos E. R.

Marcus Meissner

tags

participants (5)