templates/rebase: update steps to untag old packages#2135
Open
marmijo wants to merge 1 commit intocoreos:mainfrom
Open
templates/rebase: update steps to untag old packages#2135marmijo wants to merge 1 commit intocoreos:mainfrom
marmijo wants to merge 1 commit intocoreos:mainfrom
Conversation
marmijo
changed the title
marmijo
force-pushed
the
rebase-checklist-updates
branch
from
57841c4 to
c085f5a
Compare
dustymabe
reviewed
Apr 15, 2026
| If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. One example of this is the shim RPM where the same build could be used for many Fedora releases. In this case you'll need to untag the RPM from `coreos-pool`, run a `koji distrepo`, which will remove that RPM from the repo metadata, and then re-tag it into the pool. The RPM in the repo will now be signed with a newer signing key. | ||
| If there are any packages in the output, there are two possible cases: | ||
|
|
||
| 1. **The package is signed by multiple keys** including an older one. This is OK, but add it to the untaglist anyway so it gets retagged into `coreos-pool` with a newer key/signature. You'll need to untag the RPM from `coreos-pool`, run a `koji distrepo` (which will remove that RPM from the repo metadata), and then re-tag it into the pool. The RPM in the repo will now be signed with a newer signing key. |
Member
There was a problem hiding this comment.
Maybe we should give the full distrepo command:
Suggested change
| 1. **The package is signed by multiple keys** including an older one. This is OK, but add it to the untaglist anyway so it gets retagged into `coreos-pool` with a newer key/signature. You'll need to untag the RPM from `coreos-pool`, run a `koji distrepo` (which will remove that RPM from the repo metadata), and then re-tag it into the pool. The RPM in the repo will now be signed with a newer signing key. | |
| 1. **The package is signed by multiple keys** including an older one. This is OK, but add it to the untaglist anyway so it gets retagged into `coreos-pool` with a newer key/signature. You'll need to untag the RPM from `coreos-pool`, run a `koji dist-repo --non-latest coreos-pool key1 key2 key3` (which will remove that RPM from the repo metadata), and then re-tag it into the pool. The RPM in the repo will now be signed with a newer signing key. |
dustymabe
reviewed
Apr 15, 2026
Member
dustymabe
left a comment
dustymabe
left a comment
There was a problem hiding this comment.
Mostly LGTM - a few comments.
Also, let's update all links to the ansible repo to point to the new source of truth: https://forge.fedoraproject.org/infra/ansible.git
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.