[rdo-list] Verify Signature on old rpms

Alan Pevec apevec at redhat.com
Thu Aug 31 18:56:59 UTC 2017


On Wed, Aug 23, 2017 at 10:36 PM, Will McKeon <wmckeon at circadence.com> wrote:
> I know that RDO no longer supports RHEL6, but I have to use RHEL 6 and I
> need to use some of the packages provided by RDO.  However, I also need to
> be able to verify those rpms were signed by RDO.  Where can I find the
> public keys that those packages were signed with?

Before moving RDO to CentOS Cloud SIG repos (where packages are signed
with CentOS key), RPMs where signed with a new key per release and
pushed to repos.fedorapeople.org.
Which release are you using? RHEL6 can latest be Icehouse, archived at
https://repos.fedorapeople.org/repos/openstack/EOL/openstack-icehouse/epel-6/
You can find gpg keys by digging into rdo-release repo, EOL branches
are removed, but there are old tags:
https://github.com/rdo-infra/rdo-release/blob/icehouse-4.1/RPM-GPG-KEY-RDO-Icehouse

And please do upgrade asap!

Cheers,
Alan




More information about the dev mailing list