Re: Unsigned libevent RPM for 9.6 beta / F23

Hi,

On Tue, 2016-05-17 at 09:05 +0300, Oskari Saarenmaa wrote:
> http://yum.postgresql.org/9.6/fedora/fedora-23-x86_64/ currently 
> contains an unsigned libevent-2.0.22-1.f23.x86_64.rpm package breaking 
> installations when gpg check is requested.

*sigh*.

> I'm wondering if the package is needed at all on Fedora which provides 
> libevent 2.0.21?

Just a newer version, that is all. I agree that it is not a must.

> Unsigned packages have appeared a couple of times in the repos, would it 
> be possible to add a step checking signatures to the publishing process, 
> eg something that just runs rpm -K on the rpms.

Actually the packages cannot be built without signing them first -- at least it
used to be case until Fedora 22.

As of Fedora 22, we enter the passhprase once, and virtually all packages can
be built. The problem is, there is a (IIRC) 30 min timeout for a single
package. If the build takes longer than that, rpmbuild again asks for the
passphrase. If we are late at entering the password, the packages are built w/o
the keys.

For this particular 9.6/F-23 issue you reported, I intentionally built all
packages w/o gpg keys, to skip the issue above, then I'd sign everything
manually. I probably pushed the packages w/o signing them, before leaving home
at 05:30 on Sunday for my flight. Sorry about that.

I pushed signed packages to repo. They will sync to master repo in next hour.

Regards,
--
Devrim GÜNDÜZ
Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR