This is something I’ve been trying to focus on recently. One of my goals is to try to keep our standard repositories such that users can update with GUI or ‘urpmi --auto-update’ without error messages. To do this we on QA-Team need more help from community.
Packages not signed are part of this issue so if you or anyone see any package groups or individual packages not signed it would be awesome if they were reported in a bug report.
Standard repositories would look like this for i586 or x86_64:
main
main-updates
contrib
contrib-updates
non-free
non-free-updares
restricted
restricted-updates
No debug or testing repositories and in x86_64 one should only enable i586 repos when needed to install i586 packages then disable them again for normal operation.This is super easy to do in ‘drakrpm-edit-media’.
I believe for this we can allow a simple report if user just post all of Konsole/terminal output or post snap-shots of GUI message showing the entire error message and all unsigned packages. That should be enough unless developers tell us otherwise. The most important key is to show all unsigned packages so there is no confusion or nothing missed. Snap-shots are great way to do this.
What do Y’all think?
Aside: Debug repos/packages are mostly (and rarely) used by developers or those dealing with a knarly technical issue. Packages in testing repositories are not signed by default (not sure whether debug packages are supposed to be signed).
Just as an example of not signed, see the list at the end. If it is going to be created a special category of bug for this, I’m going to wait to report.
The following packages have bad signatures: /var/cache/urpmi/rpms/basesystem-minimal-3-3-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 18:19:38 2017, Key ID eb37e64917d8c628)) /var/cache/urpmi/rpms/lib64nss_myhostname2-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:41 2017, Key ID 410c21abc2e8ddbe)) /var/cache/urpmi/rpms/lib64nss_resolve2-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:41 2017, Key ID 410c21abc2e8ddbe)) /var/cache/urpmi/rpms/lib64nss_systemd2-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:42 2017, Key ID 410c21abc2e8ddbe)) /var/cache/urpmi/rpms/lib64systemd0-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:41 2017, Key ID 410c21abc2e8ddbe)) /var/cache/urpmi/rpms/systemd-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:23 2017, Key ID 410c21abc2e8ddbe)) /var/cache/urpmi/rpms/systemd-bash-completion-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:42 2017, Key ID 410c21abc2e8ddbe)) /var/cache/urpmi/rpms/systemd-boot-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:36 2017, Key ID 410c21abc2e8ddbe)) /var/cache/urpmi/rpms/systemd-console-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:36 2017, Key ID 410c21abc2e8ddbe)) /var/cache/urpmi/rpms/systemd-coredump-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:36 2017, Key ID 410c21abc2e8ddbe)) /var/cache/urpmi/rpms/systemd-doc-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:36 2017, Key ID 410c21abc2e8ddbe)) /var/cache/urpmi/rpms/systemd-hwdb-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:37 2017, Key ID 410c21abc2e8ddbe)) /var/cache/urpmi/rpms/systemd-locale-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:40 2017, Key ID 410c21abc2e8ddbe)) /var/cache/urpmi/rpms/systemd-polkit-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:40 2017, Key ID 410c21abc2e8ddbe)) /var/cache/urpmi/rpms/systemd-zsh-completion-236-1-omv2015.0.x86_64.rpm: Invalid Key ID (OK (RSA/SHA1, Thu Dec 21 06:49:42 2017, Key ID 410c21abc2e8ddbe))
I’ve actually asked multiple times on IRC (#openmandriva-cooker @ Freenode) as well as that post to Cooker list 3-4 days ago for these to be fixed/signed. People on Holiday or something like that I suspect. One of the problems with such a small group of Contributors unfortunately.
Kind of difficult to make people be here all the time in view of what they are being paid.
