[packman] Package availability, was: Re: signing seems to hang somewhere

Dave Plater davejplater at gmail.com
Sat Feb 27 10:47:41 CET 2021 

On 2/27/21, Stefan Botter <jsj at jsj.dyndns.org> wrote:
> Hi all,
>
> as I have feared, there are problems with publishing of packages.
>
> Am Mittwoch, den 24.02.2021, 16:25 +0100 schrieb Stefan Botter:
> :
>> Yes, I can confirm this problem. It is connected with the expired GPG
>> key - and probably with something I fscked meanwhile.
>>
>> I have been trying for a while now, and could be the Multimedia
>> project
>> to sign. There might be a problem with
>> - other projects/repositories, and
>> - publishing to the packman server
>
> Exactly that happened.
> This is caused by the unique way we publish built packages to the
> repositories, which are synced to the mirrors:
> PMBS builds packages (the regular OBS way) and signs them with the
> respective repository key. Once all packages for a repo are built, the
> repo gets published - and here we sync them to packman.links2linux.de.
> There is a publishing mechanism, which re-signs the packages with the
> official packman key, puts entries in the database backing the website
> and creates the repositories for the mirrors.
>
> For security reasons the re-signing step checks the signatures, with
> which the packages arrive. There is a positive-list, and only signatures
> on that list are considered "okay" for re-signing and publishing.
>
> As I wrote last Wednesday, the ultimate problem was the expired PMBS
> key, which in turn sings the publishing keys for PMBS's repos, and I had
> to recreate the key for the Multimedia repo.
> This key has changed, and re-signing at packman.links2linux.de fails,
> and the packages are not published to the mirrors.
>
> There are two possible ways to fix this:
> 1. allow the actual Multimedia repo key to be accepted on
> packman.links2linux.de
> 2. reinstate the old Multimedia repo key on PMBS.
>
> The first option needs an action on packman.links2linux.de -> I have to
> ask Marc to do the change (he is busy ATM, and this may take a while).
>
> The second option may work, as I have backups, and the Open Build
> Service keeps such information. I have read somewhere, that manually
> forcing a pre-existing key in a build service instance, but do not know
> - how to do that (probably something with obs_admin), and
> - if this will succeed.
>
> Anyway, the packages will resurface, but it may take time.
> I will announce a downtime for PMBS in my next mail, and can face the
> repo-key issue after I have moved PMBS to its new home at the hosted
> server.
>
>
> Greetings,
>
> Stefan
> --
> Stefan Botter zu Hause
> Bremen
>

Something must have been fixed, avidemux3 is now available in the
normal repository

Dave

More information about the Packman mailing list