From nobody Sat May 4 02:53:47 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 15360696139340.22978819105640014; Tue, 4 Sep 2018 07:00:13 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5258C3001769; Tue, 4 Sep 2018 14:00:10 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D85782015629; Tue, 4 Sep 2018 14:00:08 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D7B131800540; Tue, 4 Sep 2018 14:00:06 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w84DxTqY005722 for ; Tue, 4 Sep 2018 09:59:29 -0400 Received: by smtp.corp.redhat.com (Postfix) id A4CF92166BA4; Tue, 4 Sep 2018 13:59:29 +0000 (UTC) Received: from inaba.usersys.redhat.com (unknown [10.43.2.44]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 426F02166BA1 for ; Tue, 4 Sep 2018 13:59:27 +0000 (UTC) From: Andrea Bolognani To: libvir-list@redhat.com Date: Tue, 4 Sep 2018 15:59:23 +0200 Message-Id: <20180904135923.29365-1-abologna@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-loop: libvir-list@redhat.com Subject: [libvirt] [jenkins-ci PATCH] guests: Special-case fedora-gpg-keys updates on Rawhide X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.25 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Tue, 04 Sep 2018 14:00:12 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" During each Rawhide development cycle there is a point at which packages start being signed with new keys, which causes updates to fail. To work around the problem, make sure fedora-gpg-keys is updated before attempting to update all other packages; updating fedora-gpg-keys itself requires gpg signature checking to be disabled. Signed-off-by: Andrea Bolognani Reviewed-by: Daniel P. Berrang=C3=A9 --- I am actually not 100% sure we need to disable gpg signature checking in order to update fedora-gpg-keys: it would make sense for that one package to be signed with the old key to make the update possible without breaking trust at any point in time. Unfortunately I updated my Rawhide guest without taking a snapshot first, and I can't figure out a way to get it back to a state suitable for checking whether the above makes sense :( Perhaps someone with deeper understanding of the Fedora release process will confirm or deny. guests/lcitool | 24 +++++++++++++++++------- guests/playbooks/update/tasks/base.yml | 9 +++++++++ 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/guests/lcitool b/guests/lcitool index 821cafc..ddeee6a 100755 --- a/guests/lcitool +++ b/guests/lcitool @@ -511,7 +511,8 @@ class Application: facts =3D self._inventory.get_facts(host) package_format =3D facts["package_format"] os_name =3D facts["os_name"] - os_full =3D os_name + str(facts["os_version"]) + os_version =3D str(facts["os_version"]) + os_full =3D os_name + os_version =20 if package_format not in ["deb", "rpm"]: raise Error("Host {} doesn't support Dockerfiles".format(host)) @@ -560,12 +561,21 @@ class Application: apt-get autoclean -y """)) elif package_format =3D=3D "rpm": - sys.stdout.write(textwrap.dedent(""" - RUN yum update -y && \\ - yum install -y ${PACKAGES} && \\ - yum autoremove -y && \\ - yum clean all -y - """)) + if os_name =3D=3D "Fedora" and os_version =3D=3D "Rawhide": + sys.stdout.write(textwrap.dedent(""" + RUN yum update -y --nogpgcheck fedora-gpg-keys && \\ + yum update -y && \\ + yum install -y ${PACKAGES} && \\ + yum autoremove -y && \\ + yum clean all -y + """)) + else: + sys.stdout.write(textwrap.dedent(""" + RUN yum update -y && \\ + yum install -y ${PACKAGES} && \\ + yum autoremove -y && \\ + yum clean all -y + """)) =20 def run(self): cmdline =3D self._parser.parse_args() diff --git a/guests/playbooks/update/tasks/base.yml b/guests/playbooks/upda= te/tasks/base.yml index 11f600f..cc16eb0 100644 --- a/guests/playbooks/update/tasks/base.yml +++ b/guests/playbooks/update/tasks/base.yml @@ -64,6 +64,15 @@ - not ( os_name =3D=3D 'Fedora' and os_version =3D=3D 'Rawhide' ) =20 +- name: Update installed packages + package: + name: fedora-gpg-keys + state: latest + disable_gpg_check: yes + when: + - os_name =3D=3D 'Fedora' + - os_version =3D=3D 'Rawhide' + - name: Update installed packages command: dnf update --refresh --exclude 'kernel*' -y args: --=20 2.17.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list