Bug 152862

Summary: Source packages not available via up2date, no GPG signatures
Product: [Retired] Fedora Legacy Reporter: William M. Quarles <walrus>
Component: GeneralAssignee: Jesse Keating <jkeating>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecified   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-04-11 22:08:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Lawrence 2005-03-30 23:30:05 UTC 
I think that my summary speaks for itself.  I think that you should be GPG
signing packages.  And I'm somebody who has the option checked off for
downloading source packages along with binaries, so I think that should be
available, too (it was with Fedora Core and many of the other repositories that
I use).



------- Additional Comments From dom 2004-12-16 15:11:28 ----

Hi,

We do sign packages, using the GPG key advertised on the web site
<http://www.fedoralegacy.org/about/security.php>.

If you think we have missed signing any packages please provide specific details.

Regards.



------- Additional Comments From dom 2004-12-16 15:12:15 ----

P.S. Source packages are available from our apt repository which you can browse at 
http://download.fedoralegacy.org/



------- Bug moved to this database by dkl 2005-03-30 18:30 -------

This bug previously known as bug 2320 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2320
Originally filed under the Fedora Legacy product and General component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity minor. Setting to default severity "normal".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.
Comment 1 William M. Quarles 2005-04-03 21:15:37 UTC 
I figured out the problem with the GPG signatures.  You need to make your
documentation for up2date as complete as it is for yum and apt, and add the step
about downloading the GPG key.

As for the SRPMs, what is the problem with making them available via up2date?
Comment 2 Jesse Keating 2005-04-04 17:30:13 UTC 
up2date in Fedora Core uses yum as a backend, or apt.  Yum in FC 1 does not
support downloading of source packages, therefor up2date when used with a yum
backend cannot either.  Configure up2date to use apt as your backend, and then
you can gather srpms through up2date.

Closing this as notabug.
Comment 3 William M. Quarles 2005-04-04 17:38:36 UTC 
Up2date has to support downloading of source packages because the Fedora Core
update service uses a yum repository and I can download source packages through
there.
Comment 4 Jesse Keating 2005-04-04 17:55:39 UTC 
WHich version of Fedora Cre are you referencing?  THe yum in FC1 that we use
does not support srpm repositories.
Comment 5 William M. Quarles 2005-04-04 18:23:01 UTC 
With Fedora Core 1's up2date I downloaded every single SRPM for every offical
Fedora Core update that came out since I installed it.  They are still on my
hard drive, I would be happy to show them to you.  I even used mirrors for most
of them (since the Red Hat server was too slow) and the SRPMs still downloaded.
 And yes, the configuration lines for those started with yum http:// or ftp:// I
forget which I'm booted into windows right now.  Try it for yourself, get a
fresh install of Fedora Core 1, configure up2date to download source packages,
and watch it work.  Although again I suggest changing the
/etc/sysconfig/rhn/sources file to look at an official mirror rather than Red
Hat itself, or you will be in a mess.  I've used Duke and NCSU.  I used to use
Virginia Tech but they changed something on their server and I'm not sure if
they are continuing to mirror.
Comment 6 Jesse Keating 2005-04-04 18:26:46 UTC 
I may be mistaken then on the FC1.  RHL9 was not possible.  I'll look into
generating metadata in the srpm directories.
Comment 7 Jesse Keating 2005-04-11 22:08:58 UTC 
headers for SRPMS are now populated.  You'll have to add a line for the srpms
repository.  I'm keeping them seperated so that users that don't want srpms
don't have to download the package information and header cache for them.
Comment 8 William M. Quarles 2005-04-23 05:47:28 UTC 
I don't seem to have separate headers for the source packages from the updates
that I have received from Red Hat.  I don't think that this is actually going to
work.