Fix GPG import issue on post scriptlet #63
Conversation
Unlike EL6 and EL7 in EL8, you need to import the gpg key manually instead of as %post scriptlet Signed-off-by: Elkhan Mammadli <elkhan.mammadli@protonmail.com>
|
I'm unable to reproduce this on Centos 8.5. It prompts me for the key on zfs install: |
|
I've just run the Result: [vagrant@centos85 ~]$ cat /etc/redhat-release
CentOS Linux release 8.5.2111
[vagrant@centos85 ~]$ sudo dnf install https://zfsonlinux.org/epel/zfs-release.el8_5.noarch.rpm
Last metadata expiration check: 0:10:02 ago on Mon 21 Feb 2022 08:21:15 PM UTC.
zfs-release.el8_5.noarch.rpm 22 kB/s | 9.7 kB 00:00
Dependencies resolved.
==============================================================================================================================================================================================
Package Architecture Version Repository Size
==============================================================================================================================================================================================
Installing:
zfs-release noarch 1-8.5 @commandline 9.7 k
Transaction Summary
==============================================================================================================================================================================================
Install 1 Package
Total size: 9.7 k
Installed size: 2.9 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : zfs-release-1-8.5.noarch 1/1
Running scriptlet: zfs-release-1-8.5.noarch 1/1
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-zfsonlinux: key 1 import failed.
warning: %post(zfs-release-1-8.5.noarch) scriptlet failed, exit status 1
Error in POSTIN scriptlet in rpm package zfs-release
Verifying : zfs-release-1-8.5.noarch 1/1
Installed:
zfs-release-1-8.5.noarch
Complete!
|
|
Indeed, the issue is when installing the [1] in the fedora |
|
Thanks for this fix. I'm actually working on a "universal" zfs-release RPM, and will roll this in with it. The universal zfs-release RPM will mean you don't have to install a specific Centos 8.4, 8.5, 8.6, etc zfs-release RPM for every minor release. If it's alright with you, can I close this PR once I've rolled it into the new universal zfs-release RPM? |
|
The I will incorporate this into my universal zfs-release RPM. |
|
Hey @tonyhutter 👋 I didn't know the RPMs generated by the universal spec file and thought, importing the rpm gpg key manually before the package installation and adding this to the documentation might be a good idea for Yes, feel free to close the PR. Thank you! |
|
Hi,
The It might be just as simple to remove it entirely and let the key be imported by yum on those older RHEL systems? That is largely only RHEL 7 at this point (though I know there are folks running RHEL 6 still). AFAIK, yum will prompt on either of them when a key needs to be imported -- but that's from memory and I could always be wrong.
Happy to hear about a universal zfs-release. That sounds much easier for everyone. Thanks! |
There would be separate "universal" RPMs for Centos and Fedora. The reason being that Centos has a |
I was thinking of a shared spec file/srpm. At the risk of getting too far off topic for this PR (apologies), a combined spec file for Fedora and EL could be done something like this (lightly tested): https://gist.github.com/tmzullinger/0bdfb7354ee650dc20e8e1cbf43d9c65. The version or release field would need to be bumped there, to be newer than the current EL8 packages. If that can help reduce the srpm's you have to manage, please feel free to use any bits of it. :) |
|
@tmzullinger thank you for the patch! I'll give it a test, and if all goes well we'll use it going forward. |
|
@tmzullinger unfortunately I don't think it's going to work the way we had hoped. Your changes give us a universal source RPM, which is good, but when you build the actual RPM, it will contain the zfs.repo file for whatever distro you built it on: $ rpm -qpl SRPMS/zfs-release-2-1.src.rpm
RPM-GPG-KEY-zfsonlinux
zfs-fedora.repo
zfs-release.spec
zfs-rhel.repo
$ rpm -qpl RPMS/noarch/zfs-release-2-1.noarch.rpm
/etc/pki/rpm-gpg/RPM-GPG-KEY-zfsonlinux
/etc/yum.repos.d/zfs.repoSo we'll still need to distribute both a |
|
Yeah. The binary rpm could choose which repo file to use at install-time, but then we'd have some scripting to parse /etc/os-release or similar. And then the contents of the .repo files aren't tracked by rpm as they normally would be. That seems like more trouble than it's worth. I only aimed for a single srpm which could generate a universal binary rpm for each of the two targets (once it included any changes to the repo files to handle different EL versions). I'd be happy to take a look at what a universal source and binary rpm might look like, if you think it might be of value. (It could still turn out to be a no, once the rubber hits the road, of course.) If so, perhaps that's best in another issue & pull request? |
Yea, we should probably track the "universal" RPM discussion in openzfs/zfs#10328 I'm leaning towards the idea of distributing the "universal" source RPM along with the distro-specific binary RPMs (which support all versions of the distro). That seems to be the easiest and most straightforward solution. Most binary RPMs are distro-specific anyway, so it's not there's an expectation that it should be cross-distro. |
1. Update the spec files to use $releasever instead of hard coding the version number (7.9, 8.3, 8.4 ...) in the repo. This means you can use zfs-release-el-1.rpm for any version of RHEL/AlmaLinux/Centos, and zfs-release-fedora-1.rpm for any version of Fedora. openzfs/zfs#10328 2. Only import our RPM key on CentOS 7: zfsonlinux#63 Signed-off-by: Tony Hutter <hutter2@llnl.gov>
|
So #67 that I just opened includes the GPG fix. Once that gets merged I think we can close this PR. |
1. Update the spec files to use $releasever instead of hard coding the version number (7.9, 8.3, 8.4 ...) in the repo. This means you can use zfs-release-el-1.rpm for any version of RHEL/AlmaLinux/Centos, and zfs-release-fedora-1.rpm for any version of Fedora. openzfs/zfs#10328 2. Only import our RPM key on CentOS 7: zfsonlinux#63 Signed-off-by: Tony Hutter <hutter2@llnl.gov>
1. Update the spec files to use $releasever instead of hard coding the version number (7.9, 8.3, 8.4 ...) in the repo. This means you can use zfs-release-el-1.rpm for any version of RHEL/AlmaLinux/Centos, and zfs-release-fedora-1.rpm for any version of Fedora. openzfs/zfs#10328 2. Only import our RPM key on CentOS 7: #63 Signed-off-by: Tony Hutter <hutter2@llnl.gov>
|
I recommend we close this in favor of #67 and openzfs/openzfs-docs#325 |
Closed. @tonyhutter Could you publish the spec files? In this way, people can directly contribute to the spec file, and we can see actual and final changes without downloading and inspecting the uploaded source rpm or reading generated patches in the comments in #67. |
In the past we've simply checked in the zfs-release RPM files directly. It was requested that we start checking in the spec and repo files too so that you can easily see the diff when making changes. This commit checks in all the files needed to create the RPMs, along with instructions on how to build them. Addresses: zfsonlinux#63 Signed-off-by: Tony Hutter <hutter2@llnl.gov>
No problem: #68 |
In the past we've simply checked in the zfs-release RPM files directly. It was requested that we start checking in the spec and repo files too so that you can easily see the diff when making changes. This commit checks in all the files needed to create the RPMs, along with instructions on how to build them. Signed-off-by: Tony Hutter <hutter2@llnl.gov> Closes #63
Unlike EL6 and EL7 in EL8, you need to import the gpg key manually instead of as
%postscriptletSee: https://access.redhat.com/solutions/3720351
These lines was removed:
It asks for importing the GPG key on the first attempt to install now:
I couldn't find repo's of the spec file and uploaded it as the source and binary RPM. Feel free to sign and/or rename them.
Signed-off-by: Elkhan Mammadli elkhan.mammadli@protonmail.com