Bug 600287 - Use a single file for all RHEL6 RPM GPG release keys
Use a single file for all RHEL6 RPM GPG release keys
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: redhat-release-server (Show other bugs)
6.0
All Linux
high Severity medium
: beta
: ---
Assigned To: Andrew Thomas
Release Test Team
:
Depends On:
Blocks: 600278
  Show dependency treegraph
 
Reported: 2010-06-04 06:56 EDT by Mark J. Cox
Modified: 2016-01-18 11:09 EST (History)
6 users (show)

See Also:
Fixed In Version: redhat-release-server-5.90Server-6.0.0.29.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-07-02 15:46:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox 2010-06-04 06:56:21 EDT
See blocks bz for reasoning why we wish to change the way we provide the GPG signing keys for RHEL6 and later by allowing the distribution of multiple signing keys in a single file.

In /etc/pki/rpm-gpg/
cat 
RPM-GPG-KEY-redhat-release-2 + RPM-GPG-KEY-redhat-auxiliary
> RPM-GPG-KEY-redhat-release

distribute RPM-GPG-KEY-redhat-release, remove RPM-GPG-KEY-redhat-release-2 and RPM-GPG-KEY-redhat-auxiliary

(If you prefer to keep the keys separate in the tarball and simply merge them in %install of spec, that's fine too)

  Note: "yum import" is happy to import multiple keys in a given
  file (note the keys need to be separately armoured just like we
  do with our CA files, i.e. as 'cat' above, not an exported GPG keyring).

  Note: It's possible legacy users might "rpm --import" a file with
  multiple keys.  Shipped versions of RPM will only import the first
  listed key.  RPM upstream since May 2010 handles multiple keys and
  this will be in RHEL6 before GA (bz#586827)
Comment 2 Dennis Gregorovic 2010-06-08 10:14:04 EDT
How about the following?

RPM-GPG-KEY-redhat-legacy-former
RPM-GPG-KEY-redhat-legacy-rhx
RPM-GPG-KEY-redhat-legacy-release
Comment 3 Mark J. Cox 2010-06-08 10:16:11 EDT
I don't see a reason not to ship those.
Comment 5 Alexander Todorov 2010-06-16 13:54:45 EDT
With redhat-release-server-5.90Server-6.0.0.31.el6 there's the RPM-GPG-KEY-redhat-release which contains 2 keys, and 
RPM-GPG-KEY-redhat-legacy-former
RPM-GPG-KEY-redhat-legacy-rhx
RPM-GPG-KEY-redhat-legacy-release   which contain only one key.

Mark,
is the intention to keep the legacy files as is or to merge them with the redhat-release file?
Comment 6 Mark J. Cox 2010-06-17 03:39:54 EDT
intention was to keep legacy files as-is; I suppose we could merge legacy-former and legacy-release but I don't see any real need to do so.
Comment 7 Alexander Todorov 2010-06-17 03:54:55 EDT
Moving to VERIFIED then.
Comment 8 releng-rhel@redhat.com 2010-07-02 15:46:44 EDT
Red Hat Enterprise Linux Beta 2 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.