[zypp-devel] dealing with unsigned repos and keys
Hi, I have this case where I want to use the adobe repo to install flash, so I install http://linuxdownload.adobe.com/linux/i386/adobe-release-i386-1.0-1.noarch.rp... which does install the repo file (for yum) and the public key: /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux /etc/yum.repos.d/adobe-linux-i386.repo I copy the repo file to the zypp repo directory and try to install flash, zypper complains about the repo not being signed. How can i make zypper ignore repo signatures, but still import the configured gpg key in the repo file? Anas-- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On 06/24/2010 05:20 AM, Anas Nashif wrote:
Hi, I have this case where I want to use the adobe repo to install flash, so I install
http://linuxdownload.adobe.com/linux/i386/adobe-release-i386-1.0-1.noarch.rp...
which does install the repo file (for yum) and the public key:
/etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux /etc/yum.repos.d/adobe-linux-i386.repo
I copy the repo file to the zypp repo directory and try to install flash, zypper complains about the repo not being signed.
How can i make zypper ignore repo signatures, but still import the configured gpg key in the repo file?
Hi! Zypp only recognizes public keys imported into rpm database (rpm --import pub-key-file). We would need to make it look into /etc/pki/rpm-gpg as well to make this work. What about rpm itself, does it look for keys in that directory? -- cheers, jano Ján Kupec YaST team ---------------------------------------------------------(PGP)--- Key ID: 637EE901 Fingerprint: 93B9 C79B 2D20 51C3 800B E09B 8048 46A6 637E E901 ---------------------------------------------------------(IRC)--- Server: irc.freenode.net Nick: jniq Channels: #zypp #yast #suse #susecz ---------------------------------------------------------(EOF)---
On Thu, Jun 24, 2010 at 09:42:51AM +0200, Jano Kupec wrote:
Hi! Zypp only recognizes public keys imported into rpm database (rpm --import pub-key-file). We would need to make it look into /etc/pki/rpm-gpg as well to make this work.
What about rpm itself, does it look for keys in that directory?
No. (But newer versions look in /var/lib/rpm/pubkeys/*, a feature that SUSE doesn't use currently.) Doesn't libzypp look at the "repo_gpgcheck" option from the repository definition, like yum does? Cheers, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Markus Rex, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On 2010-06-24, at 5:02 AM, Michael Schroeder wrote:
On Thu, Jun 24, 2010 at 09:42:51AM +0200, Jano Kupec wrote:
Hi! Zypp only recognizes public keys imported into rpm database (rpm --import pub-key-file). We would need to make it look into /etc/pki/rpm-gpg as well to make this work.
What about rpm itself, does it look for keys in that directory?
No. (But newer versions look in /var/lib/rpm/pubkeys/*, a feature that SUSE doesn't use currently.)
Doesn't libzypp look at the "repo_gpgcheck" option from the repository definition, like yum does?
it seems it does not. Anas
Cheers, Michael.
-- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Markus Rex, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
-- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On Sat, Jun 26, 2010 at 10:12:21PM -0400, Anas Nashif wrote:
On 2010-06-24, at 5:02 AM, Michael Schroeder wrote:
On Thu, Jun 24, 2010 at 09:42:51AM +0200, Jano Kupec wrote:
Hi! Zypp only recognizes public keys imported into rpm database (rpm --import pub-key-file). We would need to make it look into /etc/pki/rpm-gpg as well to make this work.
What about rpm itself, does it look for keys in that directory?
No. (But newer versions look in /var/lib/rpm/pubkeys/*, a feature that SUSE doesn't use currently.)
Doesn't libzypp look at the "repo_gpgcheck" option from the repository definition, like yum does?
it seems it does not.
Seems like zypp's "gpgcheck" is yum's "repo_gpgcheck". M. -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On 2010-06-28, at 5:03 AM, Michael Schroeder wrote:
On Sat, Jun 26, 2010 at 10:12:21PM -0400, Anas Nashif wrote:
On 2010-06-24, at 5:02 AM, Michael Schroeder wrote:
On Thu, Jun 24, 2010 at 09:42:51AM +0200, Jano Kupec wrote:
Hi! Zypp only recognizes public keys imported into rpm database (rpm --import pub-key-file). We would need to make it look into /etc/pki/rpm-gpg as well to make this work.
What about rpm itself, does it look for keys in that directory?
No. (But newer versions look in /var/lib/rpm/pubkeys/*, a feature that SUSE doesn't use currently.)
Doesn't libzypp look at the "repo_gpgcheck" option from the repository definition, like yum does?
it seems it does not.
Seems like zypp's "gpgcheck" is yum's "repo_gpgcheck".
Yes, which means if you want to disable repo gpg check you also disable importing the configured key to verify installed packages, sounds like a bug to me. Anas
M. -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
-- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
participants (3)
-
Anas Nashif
-
Jano Kupec
-
Michael Schroeder