Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for releasever variable in signing key field for repository definitions #2381

Closed
Conan-Kudo opened this issue Oct 15, 2023 · 1 comment · Fixed by #2382
Closed

Add support for releasever variable in signing key field for repository definitions #2381

Conan-Kudo opened this issue Oct 15, 2023 · 1 comment · Fixed by #2382
Assignees
@schaefi
Labels
Enhancement
Projects
Fedora KIWI adoption

Comments

@Conan-Kudo
Copy link
Member

Problem description

Fedora Linux repository definitions use a different GPG signing key for every release. The key is named with the release version in it to match the Fedora release, but while we can specify $releasever/${releasever} for the repository URL because it gets handled directly by DNF, we cannot do the same for the signing key attribute because kiwi does not translate this from the release-version preference setting in the description.

Please add support for this so that supporting Fedora releases is less painful.

Expected behavior

When release-version changes, the repository definition (with the repository URL and the signing key) is handled properly and kiwi imports the correct signing key.

Steps to reproduce the behavior

Add the following snippet to your kiwi description:

<image>
	<repository type="rpm-md" alias="fedora" sourcetype="metalink">
		<source path="https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&amp;arch=$basearch">
			<signing key="file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-$releasever-primary"/>
		</source>
	</repository>
        <repository type="rpm-md" alias="updates" sourcetype="metalink">
                <source path="https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&amp;arch=$basearch">
                        <signing key="file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-$releasever-primary"/>
                </source>
        </repository>
</image>

And have the release-version preference set to some Fedora release (like 39).

The GPG key import will fail, because $releasever does not get replaced with the value of release-version.

OS and Software information

  • KIWI version: 9.25.13
  • Operating system host version: Fedora Linux 39
  • Operating system target version: Fedora Linux 39
  • Open Build Service version (N/A if not using OBS): N/A
  • Koji version (N/A if not using Koji): N/A
@Conan-Kudo
Copy link
Member Author

cc: @davide125, @davdunc, @xevious

@schaefi schaefi self-assigned this Oct 15, 2023
schaefi added a commit that referenced this issue Oct 16, 2023
@schaefi
Support release version in signkey URLs
b7bf409 
Using one of the $releasever/${releasever} variable placeholders
in an URL as part of a <signing key="..."/> element did not replace
the placeholder with the value of the <release-version> element.
This commit fixes this and also makes sure that the result list
for downloading signing keys is unique. This Fixes #2381
@schaefi schaefi mentioned this issue Oct 16, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@schaefi schaefi

Labels
Enhancement
Projects
Fedora KIWI adoption
Awaiting triage
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support release version in signkey URLs OSInside/kiwi
2 participants
@Conan-Kudo @schaefi