Hi,
2015-12-23 18:14 GMT+09:00 Patrick Uiterwijk <puiterwijk(a)redhat.com>:
Hi,
The latest build of your package is correctly signed:
hn-python2-python-test-2.7.11-3.el7.centos.x86_64.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK
(MISSING KEYS: (MD5) PGP#1256a871)
Thanks for pointing me out.
I installed gpg keys manually with the following commands.
$ sudo curl -sL -o /etc/pki/rpm-gpg/hnscl-python2.pubkey.gpg
https://copr-be.cloud.fedoraproject.org/results/hnakamur/hnscl-python2/pu...
$ sudo curl -sL -o /etc/pki/rpm-gpg/hnscl-python2-python.pubkey.gpg
https://copr-be.cloud.fedoraproject.org/results/hnakamur/hnscl-python2-py...
$ sudo rpm --import /etc/pki/rpm-gpg/hnscl-python2.pubkey.gpg
$ sudo rpm --import /etc/pki/rpm-gpg/hnscl-python2-python.pubkey.gpg
And I confirmed python-libs rpm is signed.
$ rpm -K hn-python2-python-libs-2.7.11-3.el7.centos.x86_64.rpm
hn-python2-python-libs-2.7.11-3.el7.centos.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
However I still got the 'is not signed' error with yum install.
$ sudo yum install -y -v hn-python2-python
Loading "fastestmirror" plugin
Config time: 0.008
Yum version: 3.4.3
...(snip)...
Package hn-python2-python-libs-2.7.11-3.el7.centos.x86_64.rpm is not signed
$ echo $?
1
I editted my *.repo files to use file:/// url for gpgkey instead of
https:// urls, still no luck.
$ cat /etc/yum.repos.d/hnakamur-hnscl-python2.repo
[hnakamur-hnscl-python2]
name=Copr repo for hnscl-python2 owned by hnakamur
baseurl=https://copr-be.cloud.fedoraproject.org/results/hnakamur/hnscl-py...
skip_if_unavailable=True
gpgcheck=1
#gpgkey=https://copr-be.cloud.fedoraproject.org/results/hnakamur/hnscl-python2/pubkey.gpg
gpgkey=file:///etc/pki/rpm-gpg/hnscl-python2.pubkey.gpg
enabled=1
enabled_metadata=1
$ cat /etc/yum.repos.d/hnakamur-hnscl-python2-python.repo
[hnakamur-hnscl-python2-python]
name=Copr repo for hnscl-python2-python owned by hnakamur
baseurl=https://copr-be.cloud.fedoraproject.org/results/hnakamur/hnscl-py...
skip_if_unavailable=True
gpgcheck=1
#gpgkey=https://copr-be.cloud.fedoraproject.org/results/hnakamur/hnscl-python2-python/pubkey.gpg
gpgkey=file:///etc/pki/rpm-gpg/hnscl-python2-python.pubkey.gpg
enabled=1
enabled_metadata=1
As a workaround, I confirmed I can install my rpms with yum --nogpgcheck option.
$ sudo yum install -y --nogpgcheck hn-python2-python
However I'd like to install rpm without --nogpgcheck option.
Could you give some advice?
Best regards,
Hiroaki Nakamura
Please note that the very first build in a COPR is not always signed due to a bug (or at
least, used to be), but any further builds should be signed.
With kind regards,
Patrick Uiterwijk
Fedora Infra
----- Original Message -----
> Hello.
>
> How to make sure rpms to be signed on copr?
>
> I tried to build my Python2 rpm. It was built successfully but is was
> not signed.
>
https://copr.fedoraproject.org/coprs/hnakamur/hnscl-python2-python/
>
> I built other rpms and they are signed.
>
https://copr.fedoraproject.org/coprs/hnakamur/varnish-head/
>
https://copr.fedoraproject.org/coprs/hnakamur/libvmod-header/
>
> I don't why my Python2 rpm was not signed.
> I'd like to know the way to make sure rpms are signed on copr.
>
>
> By the way, thanks for a great service like copr!
> It is very useful!
>
> Best regards,
> Hioraki Nakamura
> _______________________________________________
> copr-devel mailing list
> copr-devel(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/admin/lists/copr-devel@lists.fedorahosted.org
>
_______________________________________________
copr-devel mailing list
copr-devel(a)lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/copr-devel@lists.fedorahosted.org
--
Hioraki Nakamura )hnakamur(a)gmail.com)