Red Hat Bugzilla – Bug 600287
Use a single file for all RHEL6 RPM GPG release keys
Last modified: 2016-01-18 11:09:30 EST
See blocks bz for reasoning why we wish to change the way we provide the GPG signing keys for RHEL6 and later by allowing the distribution of multiple signing keys in a single file.
RPM-GPG-KEY-redhat-release-2 + RPM-GPG-KEY-redhat-auxiliary
distribute RPM-GPG-KEY-redhat-release, remove RPM-GPG-KEY-redhat-release-2 and RPM-GPG-KEY-redhat-auxiliary
(If you prefer to keep the keys separate in the tarball and simply merge them in %install of spec, that's fine too)
Note: "yum import" is happy to import multiple keys in a given
file (note the keys need to be separately armoured just like we
do with our CA files, i.e. as 'cat' above, not an exported GPG keyring).
Note: It's possible legacy users might "rpm --import" a file with
multiple keys. Shipped versions of RPM will only import the first
listed key. RPM upstream since May 2010 handles multiple keys and
this will be in RHEL6 before GA (bz#586827)
How about the following?
I don't see a reason not to ship those.
With redhat-release-server-5.90Server-22.214.171.124.el6 there's the RPM-GPG-KEY-redhat-release which contains 2 keys, and
RPM-GPG-KEY-redhat-legacy-release which contain only one key.
is the intention to keep the legacy files as is or to merge them with the redhat-release file?
intention was to keep legacy files as-is; I suppose we could merge legacy-former and legacy-release but I don't see any real need to do so.
Moving to VERIFIED then.
Red Hat Enterprise Linux Beta 2 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.