In the run up to f40 final we were using a koji with a patch to _not_ enable the builroot repo when making containers via kiwi plugin. This was to fix the fact that pulling from the buildroot repo pulls unsigned rpms, making all the rpms installed in the container unsigned.
Foolishly, I pulled a newer/expansion of that patch from upstream in in the last round of updates, but something in it's defaults/logic causes it to not disable the buildroot repo, and again containers have unsigned rpms. ;(
So, what I would like to do is go back to the previous patch we had that just has the 'only enable buildroot when no repos are passed' patch.
Ideally we would do this today so the last f40 nightly would be right. If not tho, we could land it anytime and then the nightly container builds would be fixed.
Can I get +1s for this plan?
Thanks,
kevin
On Thu, Apr 18, 2024 at 8:15 PM Kevin Fenzi kevin@scrye.com wrote:
In the run up to f40 final we were using a koji with a patch to _not_ enable the builroot repo when making containers via kiwi plugin. This was to fix the fact that pulling from the buildroot repo pulls unsigned rpms, making all the rpms installed in the container unsigned.
Foolishly, I pulled a newer/expansion of that patch from upstream in in the last round of updates, but something in it's defaults/logic causes it to not disable the buildroot repo, and again containers have unsigned rpms. ;(
So, what I would like to do is go back to the previous patch we had that just has the 'only enable buildroot when no repos are passed' patch.
Ideally we would do this today so the last f40 nightly would be right. If not tho, we could land it anytime and then the nightly container builds would be fixed.
Can I get +1s for this plan?
+1
On Thu, 2024-04-18 at 17:14 -0700, Kevin Fenzi wrote:
In the run up to f40 final we were using a koji with a patch to _not_ enable the builroot repo when making containers via kiwi plugin. This was to fix the fact that pulling from the buildroot repo pulls unsigned rpms, making all the rpms installed in the container unsigned.
Foolishly, I pulled a newer/expansion of that patch from upstream in in the last round of updates, but something in it's defaults/logic causes it to not disable the buildroot repo, and again containers have unsigned rpms. ;(
So, what I would like to do is go back to the previous patch we had that just has the 'only enable buildroot when no repos are passed' patch.
Ideally we would do this today so the last f40 nightly would be right. If not tho, we could land it anytime and then the nightly container builds would be fixed.
Can I get +1s for this plan?
+1
+1
On Fri, Apr 19, 2024 at 10:48 AM Adam Williamson adamwill@fedoraproject.org wrote:
On Thu, 2024-04-18 at 17:14 -0700, Kevin Fenzi wrote:
In the run up to f40 final we were using a koji with a patch to _not_ enable the builroot repo when making containers via kiwi plugin. This was to fix the fact that pulling from the buildroot repo pulls unsigned rpms, making all the rpms installed in the container unsigned.
Foolishly, I pulled a newer/expansion of that patch from upstream in in the last round of updates, but something in it's defaults/logic causes it to not disable the buildroot repo, and again containers have unsigned rpms. ;(
So, what I would like to do is go back to the previous patch we had that just has the 'only enable buildroot when no repos are passed' patch.
Ideally we would do this today so the last f40 nightly would be right. If not tho, we could land it anytime and then the nightly container builds would be fixed.
Can I get +1s for this plan?
+1
Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @adamw@fosstodon.org https://www.happyassassin.net
-- _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Thanks everyone.
I got the builders updated. Hopefully that will do the right thing for now. ;)
kevin
infrastructure@lists.fedoraproject.org
-
Adam Williamson -
Kevin Fenzi -
Neal Gompa -
Ryan Lerch