On Tue, Sep 04, 2018 at 03:59:23PM +0200, Andrea Bolognani wrote:
During each Rawhide development cycle there is a point at which packages start being signed with new keys, which causes updates to fail.
To work around the problem, make sure fedora-gpg-keys is updated before attempting to update all other packages; updating fedora-gpg-keys itself requires gpg signature checking to be disabled.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- I am actually not 100% sure we need to disable gpg signature checking in order to update fedora-gpg-keys: it would make sense for that one package to be signed with the old key to make the update possible without breaking trust at any point in time. Unfortunately I updated my Rawhide guest without taking a snapshot first, and I can't figure out a way to get it back to a state suitable for checking whether the above makes sense :( Perhaps someone with deeper understanding of the Fedora release process will confirm or deny. guests/lcitool | 24 +++++++++++++++++------- guests/playbooks/update/tasks/base.yml | 9 +++++++++ 2 files changed, 26 insertions(+), 7 deletions(-)
After chatting with one of the Fedora team about this, we came to conclusion there's no nicer option right now, so Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|