rocky-linux/documentation

correction for gpg key in LXD server book

tiltX opened this issue · 3 comments

tiltX commented

Hi,
I'm currently following the LXD server tutorial (using Rocky 8.7) and I'd like to propose a correction for this page: https://docs.rockylinux.org/books/lxd_server/01-install/

The part about the OpenZFS GPG key seems to be outdated. The file name is no longer /etc/pki/rpm-gpg/RPM-GPG-KEY-zfsonlinux but /etc/pki/rpm-gpg/RPM-GPG-KEY-openzfs.

Moreover, I'm not sure if that command actually "gets" the gpg key. Does it import it into gpg? After reading gpg's manpage I think "show-only" doesn't do that. I was asked to verify the gpg key by dnf when I installed zfs later on.

Hello @tiltX and thanks for your report. Unfortunately, the build system that I used originally to install the LXD server (and write the documentation) was rebuilt using dir rather than zfs, mostly because I didn't need that in my home lab. The process of rebuilding it again would require a new SSD and also a new snapshot server, as the one that I used for that simply doesn't have the resources (memory / CPU) to rebuild it using a current release of Rocky.

That said, I've tested your report and you are absolutely correct about this. The key does import when you run your command, and oddly matches up to the one that is again prompted for during the install of zfs:

```
gpg --import --import-options show-only /etc/pki/rpm-gpg/RPM-GPG-KEY-openzfs
pub   rsa2048 2013-03-21 [SC]
      C93AFFFD9F3F7B03C310CEB6A9D5A1C0F14AB620
uid                      ZFS on Linux <zfs@zfsonlinux.org>
sub   rsa2048 2013-03-21 [E]
```

And during the install:

```
ZFS on Linux for EL8 - dkms                                      1.6 MB/s | 1.7 kB     00:00
Importing GPG key 0xF14AB620:
 Userid     : "ZFS on Linux <zfs@zfsonlinux.org>"
 Fingerprint: C93A FFFD 9F3F 7B03 C310 CEB6 A9D5 A1C0 F14A B620
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-openzfs
```

It doesn't look like it imports the key correctly, or at least that the system "sees" the key as imported, even though the key values match up.

I'm going to try a fresh install of 8.7 and then try installing zfs without first importing the key. It's possible that we need to just eliminate the key import step.

Thanks again for your report, and I'll let you know what I find out as well as update the document to match.

I used a clean rockylinux/8 container (8.7) and installed zfs without importing the key. You get the prompt for the key (just as you reported), so I'll update the procedure to remove the key import.

Thank you again for your report!

The PR for this has been merged. Thank you again @tiltX
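
The fingerprint comparison made by eye in the thread above can be scripted before answering the dnf prompt. This is an added example, not part of the original thread or the Rocky Linux documentation: the sample text is copied from the two outputs quoted above, and the function names are made up for illustration. dnf verifies packages against rpm's own keyring, where an accepted key shows up as a `gpg-pubkey` package whose version is the last 8 hex digits of the fingerprint.

```shell
#!/bin/sh
# Added example; sample text is copied from the two outputs quoted in the thread.
GPG_LISTING='pub   rsa2048 2013-03-21 [SC]
      C93AFFFD9F3F7B03C310CEB6A9D5A1C0F14AB620
uid                      ZFS on Linux <zfs@zfsonlinux.org>
sub   rsa2048 2013-03-21 [E]'
DNF_PROMPT='Importing GPG key 0xF14AB620:
 Userid     : "ZFS on Linux <zfs@zfsonlinux.org>"
 Fingerprint: C93A FFFD 9F3F 7B03 C310 CEB6 A9D5 A1C0 F14A B620
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-openzfs'

# Remove whitespace and uppercase, so grouped and ungrouped spellings compare equal.
norm_fpr() { printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'; }

# First line of a gpg key listing (stdin) that is exactly 40 hex digits.
fpr_from_gpg() {
    sed -n 's/^[[:space:]]*\([0-9A-Fa-f]\{40\}\)[[:space:]]*$/\1/p' | head -n 1
}

# Value of the "Fingerprint:" line of a dnf key prompt (stdin).
fpr_from_dnf() {
    sed -n 's/^[[:space:]]*Fingerprint:[[:space:]]*//p' | head -n 1
}

# Name prefix rpm gives the key once imported: gpg-pubkey-<last 8 hex digits, lowercase>.
rpm_key_prefix() {
    printf 'gpg-pubkey-%s' "$(norm_fpr "$1" | tail -c 8 | tr 'A-F' 'a-f')"
}

# True only for two identical, full 40-hex-digit fingerprints (two empty strings fail).
same_key() {
    a=$(norm_fpr "$1"); b=$(norm_fpr "$2")
    case $a in *[!0-9A-F]*) return 1 ;; esac
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# On a live system, feed fpr_from_gpg from the command used in the thread:
#   gpg --import --import-options show-only /etc/pki/rpm-gpg/RPM-GPG-KEY-openzfs
file_fpr=$(printf '%s\n' "$GPG_LISTING" | fpr_from_gpg)
dnf_fpr=$(printf '%s\n' "$DNF_PROMPT" | fpr_from_dnf)
if same_key "$file_fpr" "$dnf_fpr"; then
    echo "fingerprints match: $(norm_fpr "$file_fpr")"
    echo "after accepting, look for: rpm -q gpg-pubkey | grep $(rpm_key_prefix "$file_fpr")"
else
    echo "fingerprint MISMATCH: do not accept the key" >&2
fi
```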