On Tue, Jul 08, 2025 at 09:22:06AM +0200, Zdenek Dohnal wrote: > Hi all, > > thank you for all the work you did/are doing atm with datacenter move! I'm > looking forward to faster infrastructure for my builds and tests :) . > > Unfortunately (as with every big change) discrepancies are appearing and > although I've tried to check emails here and the blog post on the community > blog, I didn't find whether there are some steps to take for packagers after > the datacenter move, so I don't know atm whether the issues I see are part > of post movement work and they will be fixed soon, or whether I as a > packager have to make some configuration changes. > > I see two issues atm: > > 1. when I try to pull updates from pkgs.fedoraproject.org, I get an error > that host key has changed:
You can use any of the following methods to verify the host key: 1. Copy https://admin.fedoraproject.org/ssh_known_hosts to your ~/.ssh/known_hosts. This will trust our certificate authority, which in turn will validate the host key (and any other ones we sign moving foward). 2. Use SSHFP dns records with 'VerifyHostKeyDNS=yes'. If you have dnssec enabled this should just trust the key, if not it will ask you, so not a good method if you don't have dnssec. 3. Check the host key against: https://src.fedoraproject.org/ssh_info We should probibly put this info into onboarding docs, it's just been a long time since it changed. > > =========================================================================================== > > 2. when I try to update my Fedora 42, there are many checksum mismatches: > > =========================================================================================== > > $ sudo dnf -y upgrade --refresh > ... > Fedora 42 - x86_64 - Updates 66% [============ ] | 46.5 KiB/s | 184.2 > KiB | 00m01s > Fedora 42 - x86_64 - Updates 66% [============ ] | 46.5 KiB/s | 184.4 > KiB | 00m01s > >>> Downloading successful, but checksum doesn't match. Calculated: > >>> 98f903f88c9483cd64474dd2b1648a1e2f211321cebdd80c2f917436604acc41373fac16c2e1aa4b8d44c2b2e42c8f8c9a14cec7b2cca897f0a1e06dcabe23bb(sha512) > 98f903f > > =========================================================================================== > > and so on, but only for Updates repo. This should be fixed now. > > I saw there is infra issue about this - > https://pagure.io/fedora-infrastructure/issue/12620 - but I would like to > consult this here beforehand, so I wouldn't spam the ticket. > > The latter problem looks like a post-move problem to me, which will get > solved outside of the machine, but the former maybe it is expected from > packagers to change? > > If there are actually some steps packagers have to take after move, it would > be great if it was announced beforehand (if it is known beforehand it will > have to be done) or after all post-movement work is done. > > Thank you in advance! I tried to announce things to devel-announce (which also cc to this list). Open to ideas on how to better announce things. kevin -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
