ydirson@free.fr:
Hi all,
(resent here since something seems to block with qubes-devel)
I'm probably missing something in how the build is supposed to work:
Following the build instructions at Qubes ISO building | Qubes OS,
configuring with ./setup, first with NO_SIGN=1. The build of rpm-dom0-fc25
succeeds, and then the build of linux-dom0-updates-dom0-fc25 fails with:Downloading Packages:
[SKIPPED] perl-Fedora-VSP-0.001-4.fc25.noarch.rpm: Already downloaded
[SKIPPED] perl-generators-1.10-1.fc25.noarch.rpm: Already downloaded
Package rpm-devel-4.14.2.1-5.fc25.x86_64.rpm is not signed
Plugging that error into a search engine suggests adding a "--nogpgcheck" flag to yum to work around it, but it seems odd/suspicious that would be needed if the other packages are passing the signature check. Are you building a 4.0 ISO?
At first I thought that maybe the NO_SIGN=1 case was not being as much used
as the NO_SIGN=0 one, so I went generating a key and configure it as
explained in Qubes builder | Qubes OS.
You should be able to complete the entire build without signing it. The error is saying the downloaded package is not signed, not your build.
Also, is it really a good thing to have 2 separate pages talking about roughly the
same thing, with /doc/qubes-builder/ telling about NO_SIGN (which we see in templates)
and .rpmmacros, and /doc/qubes-iso-building/ talking about "fully signed build" using
SIGN_KEY (which we don't see in templates) ?
Probably not the best, but when I last looked at it I couldn't figure out a way to consolidate them without making it overly cluttered. Please submit a pull request if you have an idea, though.