[opensuse-autoinstall] SLES10 updates failing even though signature-handling set
While working on a SLES10 image, I'm running into a problem where it's
ignoring my updates path, even though I've signed content and put the
key into the initrd file, and included the signature parts in the
profile:
My general section looks like:
<general>
<mode>
<confirm config:type="boolean">false</confirm>
<forceboot config:type="boolean">false</forceboot>
</mode>
<mouse>
<id>none</id>
</mouse>
Hi Mike On Tuesday 27 March 2007 22:39, Mike Marion wrote:
While working on a SLES10 image, I'm running into a problem where it's ignoring my updates path, even though I've signed content and put the key into the initrd file, and included the signature parts in the profile:
My general section looks like: <general> <mode> <confirm config:type="boolean">false</confirm> <forceboot config:type="boolean">false</forceboot> </mode> <mouse> <id>none</id> </mouse>
</general> true true true true but I still get "Can't find packages openafs, openafs-client, openafs-devel" (Our builds of openafs) that are in updates, and y2log shows:
KeyRing.cc(verifyFileSignatureWorkflow):336 User does not want to accept unknown key 2007-03-26 18:16:35 <5> 10.42.37.135(3306) [base] Exception.cc(log):94 SuseTagsImpl.cc(downloadMetadata):261 THROW: SuseTagsImpl.cc(downloadMetadata):261: Error. Source signature does not validate and user does not want to continue. 2007-03-26 18:16:35 <0>
It explicitly says "User does not want to accept unknown key" which isn't true. An almost identical setup for SLED10 is working (it's updates path was create with create_update_source.sh from SLED10, the above from the SLES10 version of the script).
The key also shouldn't show up as unknown (I would think) since it had imported the key left in the initrd.
I had this exact problem last week and Uwe sorted it out for me. Simply add
Also.. there seem to be tons of things missing from the dtd files so that using xmllint --valid is basically useless because things like signature_handling aren't even defined (nor are it's interior bits).
I found it in the FAQ (after it had been pointed out to me!)
I have applied the sles10 root fix v.4 script too .
Cheers Pete -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
On Tuesday 27 March 2007 23:39, Mike Marion wrote:
I'm running into a problem where it's ignoring my updates path, even though I've signed content and put the key into the initrd file, and included the signature parts in the profile:
it's: <signature-handling> the DTDs on SLES10 are not maintained anymore. On SP1 we switched to RNG files instead of DTD: http://www.suse.com/~ug/autoyast_doc/Profile.DTD.html -- ciao, Uwe Gansert Uwe Gansert, Server Technologies Team SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Business: http://www.suse.de/~ug -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
On Wed, Mar 28, 2007 at 09:41:42AM +0200, Uwe Gansert wrote:
<signature-handling>
D'oh. You know how many times I looked at that and didn't see it?!? :)
the DTDs on SLES10 are not maintained anymore. On SP1 we switched to RNG files instead of DTD: http://www.suse.com/~ug/autoyast_doc/Profile.DTD.html
Ah.. I missed that, thought I'd read all the stuff off your page too.. obviously not. BTW, adding the tag the other person suggested seemed to help too, before I fixed the above _ vs -. -- Mike Marion-Unix SysAdmin/Staff IT Engineer-http://www.qualcomm.com [Bart's up in the treehouse] Marge: "What do you think he's doing up there?" Homer: "I don't know... Drug lab?" Marge: "Drug Lab!?!?" Homer: "Or reading comic books. What am I? Kreskin? You tell me what he's doing!" ==> Simpsons -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
participants (3)
-
Mike Marion -
Peter Connolly -
Uwe Gansert