Sigul Signing Problems – Removing a build from Koji June 27, 2011Posted by Paul Whalen in ARM, Koji.
Tags: cdot, fedora
My colleague Anthony recently finished setting up a Sigul Server instance that will be used by the Fedora ARM team to sign packages for release. After some initial hiccups with signing we successfully completed the first run, signing roughly 25000 packages – 15,000 of which will be included in our release of Fedora 13 rc1.
When composing the repo I received a number of errors that some packages weren’t signed with the preferred key. When then attempting to sign the package manually the process would also fail saying that the rpm was corrupt. When checked the rpm packages were fine, but checking the package directory structure the signature files were missing. More then likely as a result of some data loss we experienced a few weeks ago. In order to sign these packages, we needed to download them from koji, remove the build and then re-import and tag them.
First, download the packages so you can later import them and make note of the build ID. If the packages are not downloaded first, you will be required to rebuild them. (replace $nvr with your package nvr, eg ant-1.7.1-13.fc13)
arm-koji download-build $nvr
Then remove the build:
arm-koji call resetBuild $nvr
Due to a bug you will need to do some database clean up to remove all references to the build. You will need the build ID for this step (replace $buildID with your package build ID).
DELETE FROM tag_listing where build_id = $buildID;
DELETE FROM build where id = $buildID;
Once completed you can then import the downloaded rpms
arm-koji import *.rpm
arm-koji tag-pkg dist-f13 $nvr
Checking the directory structure of /mnt/koji/packages/$nvr you should now see the signature files that were lost, and be able to successfully sign the packages.