remove the rpm --import command, and reference the GPG key
directly in the repo file. This prevents the key from being
deleted on OS upgrade.
add GPG key references in repo files #674
fkooman/linux-app:rpm-repo into master remove the `rpm --import` command, and reference the GPG key directly in the `repo` file. This prevents the key from being deleted on OS upgrade.
@ -131,2 +130,4 @@
baseurl=https://app.eduvpn.org/linux/v4/rpm/fedora-$releasever-$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-python-eduvpn-client_v4
gpgcheck=1
enabled=1
what does this do?
enabled=1
Explicitly enable the repository, it is not strictly necessary as that is the default.
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-python-eduvpn-client_v4
Reference the public key on disk so the manual importing using rpm --import is no longer needed, dnf/yum takes care of it just in time.
The reason for wanting this (in one form or another) is that the upgrade process reference a tool to clean up the GPG keys that are no longer referenced anywhere, so it avoids them being deleted when the user runs that script (as recommended by upgrade process):
https://docs.fedoraproject.org/en-US/quick-docs/upgrading-fedora-offline/#sect-clean-up-old-keys
You could probably also directly reference the URL in the gpgkey line. I just don't know what happens when that key updates at that URL. Hopefully dnf/yum will refuse to function?
Thanks!
Also updated here a65f1e956e
No due date set.
No dependencies set.
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?