Fedora 21 package signing: no, it’s not just you
Posted by adamwill on July 29, 2014
We interrupt this Rawhide blog to bring you an important message!
No, it’s not just you: there are unsigned packages in Fedora 21, and yum (and dnf and mock) are complaining about it.
Here’s what’s going on.
When we branch Branched (in this case, F21) from Rawhide, we don’t immediately enable Bodhi – that is, the process where builds have to be sent to Bodhi which sends them to updates-testing and then to stable after review. For the first few days, Branched package submission works just like Rawhide – the packager submits the build, it gets built by Koji, and it’s automatically pulled into the ‘stable’ repo at the next nightly compose. No updates-testing, no karma.
When the package submission process is working like that, package signing still won’t be 100%. We can only get package signing to 100% when the Bodhi workflow is active.
Bodhi gets turned on when we do the Alpha release freeze. Usually, that’s very soon after branching – like, a week. So there’s a slightly confused week where we do the branch and then run around updating fedora-release and mock configs and so on and the freeze hits and Bodhi gets turned on somewhere in there and after a few days it all shakes out and everything’s running smoothly.
What with Fedora.next and all, the period between Fedora 21 branching and Bodhi being turned on is getting much longer. We’re not really at a point where it makes any sense to freeze for Alpha, so Bodhi isn’t getting turned on, and that means not all packages are getting signed.
So yes, relax, it’s not just you. For right now, please use the –nogpgcheck parameter for Fedora 21 yum and dnf and mock and so forth. We’ll try to send out updates to fedora-repos and mock that will turn off gpgcheck for the next little while, until we freeze and enable Bodhi. We’re sorry for the inconvenience.
Sorry, the comment form is closed at this time.