Using a new CentOS Vagrant box, I tried to pull just the commit metadata and it failed with a GPG error. When I disabled GPG verification, I was able to pull the metadata, although it looked like it had transferred all the delta parts.
-bash-4.2# rpm-ostree status
State: idle
Deployments:
● centos-atomic-host:centos-atomic-host/7/x86_64/standard
Version: 7.20160818 (2016-08-18 14:28:07)
Commit: 709bfd3c4d9274c32bc3b691d642a3f95431136ec1a6b32e4cd5a13764647ba1
OSName: centos-atomic-host
GPGSignature: 1 signature
Signature made Thu 18 Aug 2016 02:39:07 PM UTC using RSA key ID F17E745691BA8335
Good signature from "CentOS Atomic SIG <security@centos.org>"
-bash-4.2# cat /etc/ostree/remotes.d/centos-atomic-host.conf
[remote "centos-atomic-host"]
url=http://mirror.centos.org/centos/7/atomic/x86_64/repo
branches=centos-atomic-host/7/x86_64/standard;
gpg-verify=true
-bash-4.2# ostree pull --commit-metadata-only --depth=-1 centos-atomic-host:centos-atomic-host/7/x86_64/standard
error: GPG verification enabled, but no signatures found (use gpg-verify=false in remote config to disable)
-bash-4.2# sed -i 's|false|true|' /etc/ostree/remotes.d/centos-atomic-host.conf
-bash-4.2# ostree pull --commit-metadata-only --depth=-1 centos-atomic-host:centos-atomic-host/7/x86_64/standard
8 delta parts, 9 loose fetched; 122531 KiB transferred in 15 seconds
-bash-4.2# sed -i 's|true|false|' /etc/ostree/remotes.d/centos-atomic-host.conf
-bash-4.2# rpm-ostree upgrade
Updating from: centos-atomic-host:centos-atomic-host/7/x86_64/standard
1 metadata, 0 content objects fetched; 313 B transferred in 0 seconds
Copying /etc changes: 32 modified, 8 removed, 38 added
Transaction complete; bootconfig swap: yes deployment count change: 1
Changed:
NetworkManager 1:1.0.6-30.el7_2 -> 1:1.0.6-31.el7_2
NetworkManager-libnm 1:1.0.6-30.el7_2 -> 1:1.0.6-31.el7_2
device-mapper-multipath 0.4.9-85.el7_2.5 -> 0.4.9-85.el7_2.6
device-mapper-multipath-libs 0.4.9-85.el7_2.5 -> 0.4.9-85.el7_2.6
dnsmasq 2.66-14.el7_1 -> 2.66-14.el7_2.1
docker 1.10.3-46.el7.centos.10 -> 1.10.3-46.el7.centos.14
docker-common 1.10.3-46.el7.centos.10 -> 1.10.3-46.el7.centos.14
docker-latest 1.10.3-46.el7.centos.10 -> 1.12.1-2.el7.centos
docker-lvm-plugin 1.10.3-46.el7.centos.10 -> 1.10.3-46.el7.centos.14
docker-novolume-plugin 1.10.3-46.el7.centos.10 -> 1.10.3-46.el7.centos.14
docker-selinux 1.10.3-46.el7.centos.10 -> 1.10.3-46.el7.centos.14
etcd 2.3.7-2.el7 -> 2.3.7-4.el7
kernel 3.10.0-327.28.2.el7 -> 3.10.0-327.36.1.el7
kmod 20-5.el7 -> 20-8.el7_2
kmod-libs 20-5.el7 -> 20-8.el7_2
kpartx 0.4.9-85.el7_2.5 -> 0.4.9-85.el7_2.6
libarchive 3.1.2-7.el7 -> 3.1.2-10.el7_2
libgudev1 219-19.el7_2.12 -> 219-19.el7_2.13
oci-register-machine 1:0-1.7.git31bbcd2.el7 -> 1:0-1.8.gitaf6c129.el7
python 2.7.5-34.el7 -> 2.7.5-39.el7_2
python-libs 2.7.5-34.el7 -> 2.7.5-39.el7_2
python-perf 3.10.0-327.28.2.el7 -> 3.10.0-327.36.1.el7
selinux-policy 3.13.1-60.el7_2.7 -> 3.13.1-63.atomic.el7.7
selinux-policy-targeted 3.13.1-60.el7_2.7 -> 3.13.1-63.atomic.el7.7
systemd 219-19.el7_2.12 -> 219-19.el7_2.13
systemd-libs 219-19.el7_2.12 -> 219-19.el7_2.13
systemd-sysv 219-19.el7_2.12 -> 219-19.el7_2.13
tuned 2.5.1-4.el7_2.3 -> 2.5.1-4.el7_2.6
tuned-profiles-atomic 2.5.1-4.el7_2.3 -> 2.5.1-4.el7_2.6
Run "systemctl reboot" to start a reboot
-bash-4.2# rpm-ostree status
State: idle
Deployments:
centos-atomic-host:centos-atomic-host/7/x86_64/standard
Version: 7.20160920 (2016-09-20 16:46:56)
Commit: 54ab8ab29b51eabb82e78932d12a16b16170051dcc983714e7ff11bc8f1deaf0
OSName: centos-atomic-host
GPGSignature: 1 signature
Signature made Tue 20 Sep 2016 05:05:27 PM UTC using RSA key ID F17E745691BA8335
Good signature from "CentOS Atomic SIG <security@centos.org>"
● centos-atomic-host:centos-atomic-host/7/x86_64/standard
Version: 7.20160818 (2016-08-18 14:28:07)
Commit: 709bfd3c4d9274c32bc3b691d642a3f95431136ec1a6b32e4cd5a13764647ba1
OSName: centos-atomic-host
GPGSignature: 1 signature
Signature made Thu 18 Aug 2016 02:39:07 PM UTC using RSA key ID F17E745691BA8335
Good signature from "CentOS Atomic SIG <security@centos.org>"
Using a new CentOS Vagrant box, I tried to pull just the commit metadata and it failed with a GPG error. When I disabled GPG verification, I was able to pull the metadata, although it looked like it had transferred all the delta parts.