From fc62a6121f9003592e9fd6b06671718eeed12442 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Wed, 19 Jan 2022 15:07:46 -0500 Subject: [PATCH] Fix rpm GPG import for ELN ELN needs to import the current key as well as keys a few releases back, since it doesn't (currently) re-sign at Fedora branching. Signed-off-by: Stephen Gallagher --- fedora-container-common.ks | 8 +++++++- fedora-eln-container-base.ks | 6 ++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/fedora-container-common.ks b/fedora-container-common.ks index ac26f2d..b5a4bf6 100644 --- a/fedora-container-common.ks +++ b/fedora-container-common.ks @@ -68,7 +68,13 @@ echo 'LANG="C.UTF-8"' > /etc/locale.conf # https://bugzilla.redhat.com/show_bug.cgi?id=1400682 echo "Import RPM GPG key" -releasever=$(rpm --eval '%{fedora}') +releasever=$(rpm --eval '%{?fedora}') + +# When building ELN containers, we don't have the %{fedora} macro +if [ -z $releasever ]; then + releasever=eln +fi + rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-primary echo "# fstab intentionally empty for containers" > /etc/fstab diff --git a/fedora-eln-container-base.ks b/fedora-eln-container-base.ks index 34192ff..0f587ff 100644 --- a/fedora-eln-container-base.ks +++ b/fedora-eln-container-base.ks @@ -18,6 +18,12 @@ sudo %end %post --erroronfail --log=/root/anaconda-post.log +set -eux + +rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-33-primary \ + /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-34-primary \ + /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-primary + # remove some extraneous files rm -rf /var/cache/dnf/* rm -rf /tmp/*