26 – circle8-official-key after clean install from ISO 8.6

Bug 26 - circle8-official-key after clean install from ISO 8.6

Summary: circle8-official-key after clean install from ISO 8.6

Status:	CONFIRMED

Alias:	None

Product:	Circle Linux
Classification:	Circle
Component:	General (show other bugs)
Version:	Circle Linux 8
Hardware:	PC Linux

Importance:	--- major
Assignee:	James Xie

URL:

Depends on:
Blocks:

Reported:	2022-05-26 22:35 CST by Jeffrey de Bruijn
Modified:	2022-05-27 12:52 CST (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeffrey de Bruijn 2022-05-26 22:35:36 CST

After a clean install this is what I experienced

$ sudo dnf update --refresh
Circle Linux 8 - AppStream                                                                                                               3.3 MB/s | 7.8 MB     00:02    
Circle Linux 8 - BaseOS                                                                                                                  2.2 MB/s | 2.6 MB     00:01    
Circle Linux 8 - Extras                                                                                                                  2.0 kB/s | 2.8 kB     00:01    
Dependencies resolved.
=========================================================================================================================================================================
 Package                             Architecture                           Version                                         Repository                              Size
=========================================================================================================================================================================
Upgrading:
 sos                                 noarch                                 4.2-19.el8_6                                    baseos                                 775 k

Transaction Summary
=========================================================================================================================================================================
Upgrade  1 Package

Total download size: 775 k
Is this ok [y/N]: y
Downloading Packages:
sos-4.2-19.el8_6.noarch.rpm                                                                                                              5.8 MB/s | 775 kB     00:00    
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                    603 kB/s | 775 kB     00:01     
Circle Linux 8 - BaseOS                                                                                                                  1.6 MB/s | 1.6 kB     00:00    
Importing GPG key 0x8A3CB08A:
 Userid     : "circle8-official-key"
 Fingerprint: 99F3 EA8B BBD8 1D49 5EEC 0BF3 C746 6D73 8A3C B08A
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-circleofficial
Is this ok [y/N]:

This is bad: it trains the user to import GPG keys which can be an unsafe practice. The GPG key should be provided with the ISO

Comment 1 Bella Zhang 2022-05-27 12:52:19 CST

Yes , we test it. 

$ sudo mount Circle-8.6-x86_64-dvd1.iso mnt/
 
$ find mnt/BaseOS/ |grep circle-gpg-keys
mnt/BaseOS/Packages/circle-gpg-keys-8-7.el8.1.noarch.rpm

indeed, circle-gpg-keys include Circle-8.6 ISO.

Circle Linux 8.6 add new repo Circle-NFV.repo, and circle-linux-repos provide it.

$ rpm -qf /etc/yum.repos.d/Circle-NFV.repo 
circle-linux-repos-8-7.el8.1.noarch

so, while dnf update --refresh, dnf will update circle-gpg-keys and reimport GPG keys. 

Thanks a lot.

Regards.