Mailinglist Archive: opensuse-autoinstall (27 mails)
| < Previous | Next > |
Re: [opensuse-autoinstall] "SHA1 sum wrong" after modifying control.xom
- From: Katarina Machalkova <kmachalkova@xxxxxxx>
- Date: Thu, 10 Sep 2009 14:57:39 +0200
- Message-id: <200909101457.41535.kmachalkova@xxxxxxx>
Hi,
The easy and fast way around - boot with 'insecure=1' option appended to your
BL parameters. This tells Linuxrc (http://en.opensuse.org/Linuxrc) not to
check SHA1 sums of every file it downloads, so it won't complain anymore.
In general, if you modify a control file, you have to sign again the whole
repository with a key available to you, that is, compute again all the
checksums, replace content.key, content.asc ... erm ... you don't want to do
that :) it is rather cumbersome.
Looking at the initial description, inserting a new step into workflow (more
generally, modifying an installation workflow) is a good candidate for
creating an add-on media, be it only very simplistic one. And this can also be
signed, so you are on a safe side:
Here is a how-to for signing add-ons, maybe some parts of it will be helpful
to you:
http://ugansert.blogspot.com/2009/01/opensuse-111-sles11-and-add-ons.html
hB.
--
\\\\\ Katarina Machalkova
\\\\\\\__o YaST developer
__\\\\\\\'/_ & hedgehog painter
--
To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-autoinstall+help@xxxxxxxxxxxx
I have created a YaST client module that snaps into the AutoYaST workflow<-- snip -->
While this works fine for SLES 10, SLES 11 is more careful.
First it gave me an error like this :
<instsrc>/control.xml : SHA1 sum wrong.
If you really trust your repository, you may continue in an insecure
mode. (OK/Back)
The easy and fast way around - boot with 'insecure=1' option appended to your
BL parameters. This tells Linuxrc (http://en.opensuse.org/Linuxrc) not to
check SHA1 sums of every file it downloads, so it won't complain anymore.
I see there is a content.key file, but since I don't know the password to
it, it guess it is useless to try to generate a new content.asc.
Is there any way around this, or do we not want customer's to port their
customizations to SLE 11 ?
In general, if you modify a control file, you have to sign again the whole
repository with a key available to you, that is, compute again all the
checksums, replace content.key, content.asc ... erm ... you don't want to do
that :) it is rather cumbersome.
Looking at the initial description, inserting a new step into workflow (more
generally, modifying an installation workflow) is a good candidate for
creating an add-on media, be it only very simplistic one. And this can also be
signed, so you are on a safe side:
Here is a how-to for signing add-ons, maybe some parts of it will be helpful
to you:
http://ugansert.blogspot.com/2009/01/opensuse-111-sles11-and-add-ons.html
hB.
--
\\\\\ Katarina Machalkova
\\\\\\\__o YaST developer
__\\\\\\\'/_ & hedgehog painter
--
To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-autoinstall+help@xxxxxxxxxxxx
| < Previous | Next > |