Fedora Linux Support Community & Resources Center
  #1  
Old 28th June 2009, 07:18 PM
marko Offline
Registered User
 
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 6,121
Why aren't rawhide packages signed?

I know the rawhide packages aren't signed (usually), I'm just wondering why. Is there a security risk in giving out some key to a large number of people? I'd think it wouldn't take too long to actually sign the file?
  #2  
Old 29th June 2009, 02:08 AM
nirik Offline
Community Manager
 
Join Date: Mar 2009
Location: Broomfield, CO
Posts: 436
Because in order to do so some human would have to sit there and do it each day for all the packages produced that day.

There is work going on to allow the buildsystem to automagically sign rawhide packages as they are built, but this is not yet in place.
  #3  
Old 29th June 2009, 02:16 AM
Demz
Guest
 
Posts: n/a
I think yum is supposed to do it; they have or are taking that ability out of RPM and putting it into yum instead (correct me if I'm wrong), so yum should be able to sign the packages instead.
  #4  
Old 29th June 2009, 02:21 AM
nirik Offline
Community Manager
 
Join Date: Mar 2009
Location: Broomfield, CO
Posts: 436
I'm not sure what you are asking there.

rpm can sign and check signatures of packages.
yum can use rpm to check package signatures; it has no ability to sign them.

I was talking about koji (the Fedora build system). It's been proposed that it will sign all packages it builds with a 'this was built by the Fedora build system' and that would be used to check rawhide packages.

Currently there is no easy way to sign all the rawhide packages, so they are not signed.
  #5  
Old 29th June 2009, 05:26 AM
Demz
Guest
 
Posts: n/a
http://rpm.org/roadmap

"eliminate gpg-pubkey's from rpmdb": I'm sure that's the one I'm referring to in my above post, so yum will do it instead.
  #6  
Old 29th June 2009, 06:30 AM
RahulSundaram Offline
Registered User
 
Join Date: May 2005
Posts: 3,764
Hi,

Yum already does that. The roadmap is referring to a different thing and it solves a different problem. There are blog posts explaining the details. Feel free to look them up.
__________________
Rahul
http://fedoraproject.org/wiki/RahulSundaram
  #7  
Old 29th June 2009, 06:36 AM
Demz
Guest
 
Posts: n/a
Thanks for clearing that up, Rahul. I wasn't sure.
  #8  
Old 18th August 2009, 01:37 AM
Don3 Offline
Registered User
 
Join Date: Aug 2009
Posts: 29
Sorry if this is off-topic/late, but about message #4: I have just downloaded kernel-2.6.30.5-28.rc2.fc11.i586.rpm and related files from http://kojipkgs.fedoraproject.org/pa....5/28.rc2.fc11 ... initially from the "i586" and "noarch" sub-dirs ... When I tried to install them yum/rpm complained:

Package kernel-2.6.30.5-28.rc2.fc11.i586.rpm is not signed

Now that I've seen the discussion above, that no longer surprises me... But then I noticed that there is another tree under .../data/signed/d22e77f2 (and d22e77f2 matches one of the public keys I have). So I downloaded the corresponding files from there, but yum still complains that the package is not signed.

Anyone know what the purpose of the "signed" tree might be?

- Don
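
Added example, not part of the thread or of rpm/yum's own code: a small parser that reads an RPM file's signature header and reports whether it carries any OpenPGP signature tag, which is the distinction behind a "is not signed" complaint (an unsigned package still carries size and digest tags there). The tag numbers are rpm's signature tags; the sample bytes are constructed, and `build_sample` is a hypothetical helper for the demonstration.

```python
import struct

LEAD_MAGIC = b"\xed\xab\xee\xdb"    # start of the 96-byte RPM lead
HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # start of a header structure
# Signature-header tags that hold an OpenPGP signature.
PGP_SIG_TAGS = {267: "DSA (header only)", 268: "RSA (header only)",
                1002: "PGP (header+payload)", 1005: "GPG (header+payload)"}


def signature_tags(data):
    """Return the tag numbers found in the signature header of an RPM file."""
    if len(data) < 96 + 16 or data[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM package (bad lead)")
    if data[96:100] != HEADER_MAGIC:
        raise ValueError("signature header magic missing")
    # After magic and 4 reserved bytes: entry count, then data store size.
    nindex, hsize = struct.unpack(">II", data[104:112])
    end = 112 + 16 * nindex
    if end + hsize > len(data):
        raise ValueError("truncated signature header")
    # Each index entry is tag, type, offset, count (big-endian 32-bit each).
    return [struct.unpack(">IIII", data[o:o + 16])[0]
            for o in range(112, end, 16)]


def pgp_signatures(data):
    """Names of OpenPGP signature tags present; an empty list means unsigned."""
    return [PGP_SIG_TAGS[t] for t in signature_tags(data) if t in PGP_SIG_TAGS]


def build_sample(tags):
    """Constructed input: a lead plus a signature header, no real payload."""
    lead = LEAD_MAGIC + b"\x00" * 92
    store = b"\x00" * (4 * len(tags))
    index = b"".join(struct.pack(">IIII", t, 4, 4 * i, 1)
                     for i, t in enumerate(tags))
    counts = struct.pack(">II", len(tags), len(store))
    return lead + HEADER_MAGIC + b"\x00" * 4 + counts + index + store


if __name__ == "__main__":
    # 1000 = size, 1004 = MD5, 269 = SHA1: digests only, no signature.
    print(pgp_signatures(build_sample([1000, 1004, 269])))
    print(pgp_signatures(build_sample([1000, 1004, 269, 268, 1002])))
```

To run it against a downloaded package, pass the first few kilobytes of the file to `pgp_signatures`; the lead and signature header sit at the very start.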