|Summary:||Source packages not available via up2date, no GPG signatures|
|Product:||[Retired] Fedora Legacy||Reporter:||William M. Quarles <walrus>|
|Component:||General||Assignee:||Jesse Keating <jkeating>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2005-04-11 22:08:58 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description David Lawrence 2005-03-30 23:30:05 UTC
I think that my summary speaks for itself. I think that you should be GPG signing packages. And I'm somebody who has the option checked off for downloading source packages along with binaries, so I think that should be available, too (it was with Fedora Core and many of the other repositories that I use). ------- Additional Comments From email@example.com 2004-12-16 15:11:28 ---- Hi, We do sign packages, using the GPG key advertised on the web site <http://www.fedoralegacy.org/about/security.php>. If you think we have missed signing any packages please provide specific details. Regards. ------- Additional Comments From firstname.lastname@example.org 2004-12-16 15:12:15 ---- P.S. Source packages are available from our apt repository which you can browse at http://download.fedoralegacy.org/ ------- Bug moved to this database by email@example.com 2005-03-30 18:30 ------- This bug previously known as bug 2320 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=2320 Originally filed under the Fedora Legacy product and General component. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Unknown severity minor. Setting to default severity "normal". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.
Comment 1 William M. Quarles 2005-04-03 21:15:37 UTC
I figured out the problem with the GPG signatures. You need to make your documentation for up2date as complete as it is for yum and apt, and add the step about downloading the GPG key. As for the SRPMs, what is the problem with making them available via up2date?
Comment 2 Jesse Keating 2005-04-04 17:30:13 UTC
up2date in Fedora Core uses yum as a backend, or apt. Yum in FC 1 does not support downloading of source packages, therefor up2date when used with a yum backend cannot either. Configure up2date to use apt as your backend, and then you can gather srpms through up2date. Closing this as notabug.
Comment 3 William M. Quarles 2005-04-04 17:38:36 UTC
Up2date has to support downloading of source packages because the Fedora Core update service uses a yum repository and I can download source packages through there.
Comment 4 Jesse Keating 2005-04-04 17:55:39 UTC
WHich version of Fedora Cre are you referencing? THe yum in FC1 that we use does not support srpm repositories.
Comment 5 William M. Quarles 2005-04-04 18:23:01 UTC
With Fedora Core 1's up2date I downloaded every single SRPM for every offical Fedora Core update that came out since I installed it. They are still on my hard drive, I would be happy to show them to you. I even used mirrors for most of them (since the Red Hat server was too slow) and the SRPMs still downloaded. And yes, the configuration lines for those started with yum http:// or ftp:// I forget which I'm booted into windows right now. Try it for yourself, get a fresh install of Fedora Core 1, configure up2date to download source packages, and watch it work. Although again I suggest changing the /etc/sysconfig/rhn/sources file to look at an official mirror rather than Red Hat itself, or you will be in a mess. I've used Duke and NCSU. I used to use Virginia Tech but they changed something on their server and I'm not sure if they are continuing to mirror.
Comment 6 Jesse Keating 2005-04-04 18:26:46 UTC
I may be mistaken then on the FC1. RHL9 was not possible. I'll look into generating metadata in the srpm directories.
Comment 7 Jesse Keating 2005-04-11 22:08:58 UTC
headers for SRPMS are now populated. You'll have to add a line for the srpms repository. I'm keeping them seperated so that users that don't want srpms don't have to download the package information and header cache for them.
Comment 8 William M. Quarles 2005-04-23 05:47:28 UTC
I don't seem to have separate headers for the source packages from the updates that I have received from Red Hat. I don't think that this is actually going to work.