[opensuse-packaging] Setting up an openSUSE repository
[I sent this to -programming first, which I now realize is probably the wrong list -- apologies for the double post] Hi folks, I'm trying to set up a repository with packages precompiled for a number of distributions, openSUSE being one of them. Running "createrepo" is fairly easy and seems to work, except that zypper complains that the repomd.xml file isn't signed. Adding "gpg --clearsign -b" to my script fixed that, except that now it starts complaining that the key isn't known, and I can't seem to figure out how zypper decides which keys are known, and/or to which repository they belong. Is this documented somewhere? If not, can someone explain to me how the pieces fit together? Ideally, I would like to just create a package containing the .repo file and other configuration files that I can then tell people to install. (Yes, I know about OBS, but due to various other requirements in our environment that isn't an option) Thanks, -- Wouter Verhelst NixSys BVBA M: +32 486 836 198 -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Thu, Jun 19, 2014 at 01:15:30PM +0200, Wouter Verhelst wrote:
[I sent this to -programming first, which I now realize is probably the wrong list -- apologies for the double post]
Hi folks,
I'm trying to set up a repository with packages precompiled for a number of distributions, openSUSE being one of them.
Running "createrepo" is fairly easy and seems to work, except that zypper complains that the repomd.xml file isn't signed. Adding "gpg --clearsign -b" to my script fixed that, except that now it starts complaining that the key isn't known, and I can't seem to figure out how zypper decides which keys are known, and/or to which repository they belong.
Put the key into "repomd.xml.key" besides repomd.xml and repomd.xml.asc If the update stack sees it there, it will ask if it should get trusted/imported and after confirming this, it will be known to the system.
Is this documented somewhere? If not, can someone explain to me how the pieces fit together? Ideally, I would like to just create a package containing the .repo file and other configuration files that I can then tell people to install.
I thought I documented it in the Wiki, but that seems to be gone from google at least. CIao, MArcus -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Thu, Jun 19, 2014 at 01:22:32PM +0200, Marcus Meissner wrote:
On Thu, Jun 19, 2014 at 01:15:30PM +0200, Wouter Verhelst wrote:
[I sent this to -programming first, which I now realize is probably the wrong list -- apologies for the double post]
Hi folks,
I'm trying to set up a repository with packages precompiled for a number of distributions, openSUSE being one of them.
Running "createrepo" is fairly easy and seems to work, except that zypper complains that the repomd.xml file isn't signed. Adding "gpg --clearsign -b" to my script fixed that, except that now it starts complaining that the key isn't known, and I can't seem to figure out how zypper decides which keys are known, and/or to which repository they belong.
Put the key into "repomd.xml.key" besides repomd.xml and repomd.xml.asc
Ah, okay. I had seen that in a repository, but assumed it would have to be configured somewhere. Maybe I should just have tried ;-)
If the update stack sees it there, it will ask if it should get trusted/imported and after confirming this, it will be known to the system.
Okay, yes, that's a bit better. However, the keys aren't added to the RPM database, and I can't seem to figure out how to do that. I've added them to my package and have added them to the .repo file that I ship in a "gpgkey" entry, similar to how this works for Fedora, but that doesn't seem to do the trick. As a result, now zypper allows the key, but RPM still produces a NOKEY message. What am I missing? Thanks, -- Wouter Verhelst NixSys BVBA M: +32 486 836 198 -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Thu, Jun 19, 2014 at 10:20 AM, Wouter Verhelst
On Thu, Jun 19, 2014 at 01:22:32PM +0200, Marcus Meissner wrote:
On Thu, Jun 19, 2014 at 01:15:30PM +0200, Wouter Verhelst wrote:
[I sent this to -programming first, which I now realize is probably the wrong list -- apologies for the double post]
Hi folks,
I'm trying to set up a repository with packages precompiled for a number of distributions, openSUSE being one of them.
Running "createrepo" is fairly easy and seems to work, except that zypper complains that the repomd.xml file isn't signed. Adding "gpg --clearsign -b" to my script fixed that, except that now it starts complaining that the key isn't known, and I can't seem to figure out how zypper decides which keys are known, and/or to which repository they belong.
Put the key into "repomd.xml.key" besides repomd.xml and repomd.xml.asc
Ah, okay. I had seen that in a repository, but assumed it would have to be configured somewhere. Maybe I should just have tried ;-)
If the update stack sees it there, it will ask if it should get trusted/imported and after confirming this, it will be known to the system.
Okay, yes, that's a bit better.
However, the keys aren't added to the RPM database, and I can't seem to figure out how to do that. I've added them to my package and have added them to the .repo file that I ship in a "gpgkey" entry, similar to how this works for Fedora, but that doesn't seem to do the trick. As a result, now zypper allows the key, but RPM still produces a NOKEY message.
What am I missing?
Why don't you just configure your repo to not check the GPG key, "zypper mr -G repo_name"? If this is a private repo that you're maintaining and control I fail to see any benefit. rpm --import or rpmkeys --import is how you import public keys. -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Thu, Jun 19, 2014 at 04:20:18PM +0200, Wouter Verhelst wrote:
On Thu, Jun 19, 2014 at 01:22:32PM +0200, Marcus Meissner wrote:
On Thu, Jun 19, 2014 at 01:15:30PM +0200, Wouter Verhelst wrote:
[I sent this to -programming first, which I now realize is probably the wrong list -- apologies for the double post]
Hi folks,
I'm trying to set up a repository with packages precompiled for a number of distributions, openSUSE being one of them.
Running "createrepo" is fairly easy and seems to work, except that zypper complains that the repomd.xml file isn't signed. Adding "gpg --clearsign -b" to my script fixed that, except that now it starts complaining that the key isn't known, and I can't seem to figure out how zypper decides which keys are known, and/or to which repository they belong.
Put the key into "repomd.xml.key" besides repomd.xml and repomd.xml.asc
Ah, okay. I had seen that in a repository, but assumed it would have to be configured somewhere. Maybe I should just have tried ;-)
If the update stack sees it there, it will ask if it should get trusted/imported and after confirming this, it will be known to the system.
Okay, yes, that's a bit better.
However, the keys aren't added to the RPM database, and I can't seem to figure out how to do that. I've added them to my package and have added them to the .repo file that I ship in a "gpgkey" entry, similar to how this works for Fedora, but that doesn't seem to do the trick. As a result, now zypper allows the key, but RPM still produces a NOKEY message.
What am I missing?
They should be added if this question comes up and you select "trust forever" to the question. rpm -qa|grep gpg-pubkey Ciao, Marcus -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Thu, Jun 19, 2014 at 05:42:42PM +0200, Marcus Meissner wrote:
On Thu, Jun 19, 2014 at 04:20:18PM +0200, Wouter Verhelst wrote:
However, the keys aren't added to the RPM database, and I can't seem to figure out how to do that. I've added them to my package and have added them to the .repo file that I ship in a "gpgkey" entry, similar to how this works for Fedora, but that doesn't seem to do the trick. As a result, now zypper allows the key, but RPM still produces a NOKEY message.
What am I missing?
They should be added if this question comes up and you select "trust forever" to the question.
Okay, I see it now. I was slightly confused by the ordering of the hashes in the gpg-pubkey naming (really, I'm more of a Debian guy myself). Obviously, when I then tried to add them with "rpmkeys --import", nothing happened, because they were already there... Got it working now. Thanks, -- <Lo-lan-do> Home is where you have to wash the dishes. -- #debian-devel, Freenode, 2004-09-22 -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
participants (4)
-
Darin Perusich
-
Marcus Meissner
-
Wouter Verhelst
-
Wouter Verhelst