New Key Discussion

Jeffrey Ollie jeff at
Tue Aug 26 18:51:48 UTC 2008

On Tue, Aug 26, 2008 at 12:16 PM, Warren Togami <wtogami at> wrote:
> 5) In a few weeks after all F8+ packages are resigned with the new key,
> revoke the old key.  The only way we can revoke the old key is to rpm -e
> it.  Unfortunately, skvidal did some research into ways we could
> possibly achieve this and our options are not good.  rpm -e is
> impossible during rpm %post because it locks the transaction.  We really
> do need a way to automate revocation of the old key.  It seems we have a
> few weeks to figure out a way to do it.
> (Idea: Perhaps we add a hack to rpm itself in a package update?  Ugly as
> hell, but what other options do we have?)

Drop a script in /etc/cron.hourly that rpm -e's the key and then
deletes/disables itself.

Jeff Ollie

"You know, I used to think it was awful that life was so unfair. Then
I thought, wouldn't it be much worse if life were fair, and all the
terrible things that happen to us come because we actually deserve
them? So, now I take great comfort in the general hostility and
unfairness of the universe."

	-- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon"

More information about the rel-eng mailing list