[packman] PMBS: Multimedia repo publishing

Spielmops spielmops at posteo.de
Fri Mar 19 19:38:07 CET 2021


Thanks for this information and your work.

Hartmut

On 19.03.21 at 12:44, Stefan Botter wrote:
> Hi Packmans,
>
> for the past four weeks there has been a publishing problem with the
> Multimedia project: Packages have been built successfully on PMBS, but
> never made it to the mirrors.
>
> As outlined in a mail on Feb 27th, PMBS' publishing stages build
> projects to packman.links2linux.de, where all packages are re-signed
> with the official packman GPG key. Once this is done, the packages are
> finally published and pushed to the mirrors.
> Before the packages are re-signed, the process checks the validity of
> the then existing signatures against a list of known keys - these are
> then PMBS-project keys; we manually maintain the list of trusted keys on
> packman.
> The standard GPG key for PMBS expired last July unnoticed. This did not
> cause the current problem for Multimedia, but apart from the nuisance of
> no further account creation, it exposed the circumstance that the
> Multimedia key was an old key, created before the standard PMBS key
> (which is used by the signer to access the project keys).
>
> (I really **really** do not understand how PMBS was able to sign
> packages with the old key since May 2014!)
>
> Multimedia packages built on PMBS could be signed again only after I
> replaced the Multimedia project signing key on Feb 24th.
> This in turn broke the verification on packman.links2linux.de, so
> Multimedia packages arriving there are not re-signed and hence not
> published to the mirrors.
> As I do not have access to the re-signing part on packman, I cannot
> simply update/trust the new project key. Marc is offline ATM, and cannot
> help me right now, so I will try to replace Multimedia's key with
> another already trusted key in our publishing chain.
>
> This will likely break something, as I am try-and-erroring.
> For that I have stopped the schedulers for all architectures apart
> from aarch64. Once all packages there have been built, I will stop the
> dispatcher, make a snapshot of the VM, replace the Multimedia key and
> start everything up again.
>
>
> I am looking forward to resolving the publishing issue with this.
> I will send another mail when I have implemented the change.
>
>
> Greetings,
>
> Stefan
>
> _______________________________________________
> Packman mailing list
> Packman at links2linux.de
> https://lists.links2linux.de/cgi-bin/mailman/listinfo/packman

-- 
------------------------------------------------------------------------
"I have no special talent, I am only passionately curious."
(Einstein)
spielmops.org <http://spielmops.org>
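
An added example, not part of the messages above and not Packman's or PMBS's own tooling: a small audit over `gpg --list-keys --with-colons` output that flags the two conditions described in the quoted mail, a signing key that has expired and a signing key that is missing from the publisher's trusted-key list. The sample keyring, fingerprints, dates and function names are constructed, and expiry fields are assumed to be epoch seconds as GnuPG 2.x prints them.

```python
from datetime import datetime, timedelta, timezone

# Constructed `gpg --list-keys --with-colons` output; IDs, fingerprints, dates invented.
SAMPLE = """\
pub:e:4096:1:AAAAAAAAAAAAAAAA:1400000000:1593561600::-:::sc:
fpr:::::::::00000000000000000000000000000000AAAAAAAA:
uid:e::::1400000000::::standard signer key (constructed):
pub:-:4096:1:BBBBBBBBBBBBBBBB:1614124800:::-:::sc:
fpr:::::::::00000000000000000000000000000000BBBBBBBB:
uid:-::::1614124800::::rotated project key (constructed):
pub:-:4096:1:CCCCCCCCCCCCCCCC:1500000000:1617235200::-:::sc:
fpr:::::::::00000000000000000000000000000000CCCCCCCC:
uid:-::::1500000000::::other project key (constructed):
"""

def parse_keys(text):
    """Return one dict per primary key: keyid, fpr, uid, expires (datetime or None)."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":  # field 5 = key ID, field 7 = expiry (empty means none)
            exp = datetime.fromtimestamp(int(f[6]), timezone.utc) if f[6] else None
            keys.append({"keyid": f[4], "fpr": None, "uid": None, "expires": exp})
        elif f[0] == "fpr" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]  # first fpr after pub is the primary key's
        elif f[0] == "uid" and keys and keys[-1]["uid"] is None:
            keys[-1]["uid"] = f[9]
    return keys

def audit(keys, trusted_fprs, now, warn=timedelta(days=30)):
    """Map fingerprint -> findings that would stall a verify-then-re-sign stage."""
    report = {}
    for k in keys:
        findings = []
        if k["fpr"] not in trusted_fprs:
            findings.append("not-in-trust-list")
        if k["expires"] and k["expires"] <= now:
            findings.append("expired")
        elif k["expires"] and k["expires"] - now <= warn:
            findings.append("expires-soon")
        report[k["fpr"]] = findings
    return report

if __name__ == "__main__":
    keys = parse_keys(SAMPLE)
    trusted = {keys[0]["fpr"], keys[2]["fpr"]}  # hypothetical publisher trust list
    now = datetime(2021, 3, 19, tzinfo=timezone.utc)
    for fpr, findings in audit(keys, trusted, now).items():
        print(fpr[-8:], ", ".join(findings) or "ok")
```

Run on a schedule against the build side's signing keys and the publisher's trust list, a check like this surfaces a rotation or an expiry before packages stop reaching the mirrors.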

