[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Unsigned package



On Thursday 07 June 2007 14:08:06 Jon Ciesla wrote:
> Trying to upgrade, yum complains:
> Package scons-0.97-2.fc7.noarch.rpm is not signed
>
> This is from my local mirror, but the one from two other official mirrors
> and d.f.r.c match it.
>
> rpm --checksig on all of these yields:
>
> scons-0.97-2.fc7.noarch.rpm: sha1 md5 OK
>
> Huh?
>
> Jon
>
> --
> novus ordo absurdum

A few unsigned packages leaked out in the tree due to some tools errors and 
oversight.  I have a new tree with signed packages and new repodata for the 
signed packages that I'll be uploading at some point today (once my day of 
meetings is over).  There is some impact on users.

Yum caches metadata (and packages) for a period of time (30 minutes).  So 
changing the package checksum without changing the NVR can have some impact:

With a warm cache, and no package in cache, it'll say your package doesn't 
match checksum.  With a warm cache and a already cached (unsigned) package, 
it'll say the package is unsigned.  Once cache expires, it Just Works(tm).  
This only effects the unsigned packages in the tree, all other operations on 
signed packages will be fine.

-- 
Jesse Keating
Release Engineer: Fedora

Attachment: pgptNRDE3YxWf.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]