Bug 600287 - Use a single file for all RHEL6 RPM GPG release keys
Summary: Use a single file for all RHEL6 RPM GPG release keys
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: redhat-release-server   
(Show other bugs)
Version: 6.0
Hardware: All
OS: Linux
Target Milestone: beta
: ---
Assignee: Andrew Thomas
QA Contact: Release Test Team
Depends On:
Blocks: 600278
TreeView+ depends on / blocked
Reported: 2010-06-04 10:56 UTC by Mark J. Cox
Modified: 2016-01-18 16:09 UTC (History)
6 users (show)

Fixed In Version: redhat-release-server-5.90Server-
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-07-02 19:46:44 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Mark J. Cox 2010-06-04 10:56:21 UTC
See blocks bz for reasoning why we wish to change the way we provide the GPG signing keys for RHEL6 and later by allowing the distribution of multiple signing keys in a single file.

In /etc/pki/rpm-gpg/
RPM-GPG-KEY-redhat-release-2 + RPM-GPG-KEY-redhat-auxiliary
> RPM-GPG-KEY-redhat-release

distribute RPM-GPG-KEY-redhat-release, remove RPM-GPG-KEY-redhat-release-2 and RPM-GPG-KEY-redhat-auxiliary

(If you prefer to keep the keys separate in the tarball and simply merge them in %install of spec, that's fine too)

  Note: "yum import" is happy to import multiple keys in a given
  file (note the keys need to be separately armoured just like we
  do with our CA files, i.e. as 'cat' above, not an exported GPG keyring).

  Note: It's possible legacy users might "rpm --import" a file with
  multiple keys.  Shipped versions of RPM will only import the first
  listed key.  RPM upstream since May 2010 handles multiple keys and
  this will be in RHEL6 before GA (bz#586827)

Comment 2 Dennis Gregorovic 2010-06-08 14:14:04 UTC
How about the following?


Comment 3 Mark J. Cox 2010-06-08 14:16:11 UTC
I don't see a reason not to ship those.

Comment 5 Alexander Todorov 2010-06-16 17:54:45 UTC
With redhat-release-server-5.90Server- there's the RPM-GPG-KEY-redhat-release which contains 2 keys, and 
RPM-GPG-KEY-redhat-legacy-release   which contain only one key.

is the intention to keep the legacy files as is or to merge them with the redhat-release file?

Comment 6 Mark J. Cox 2010-06-17 07:39:54 UTC
intention was to keep legacy files as-is; I suppose we could merge legacy-former and legacy-release but I don't see any real need to do so.

Comment 7 Alexander Todorov 2010-06-17 07:54:55 UTC
Moving to VERIFIED then.

Comment 8 releng-rhel@redhat.com 2010-07-02 19:46:44 UTC
Red Hat Enterprise Linux Beta 2 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.