Mailinglist Archive: opensuse-buildservice (184 mails)

< Previous Next >
Re: [opensuse-buildservice] missing key for texlive*
Hash: SHA1

On Thu, 16 Oct 2008 11:06:23 +0200
Adrian Schröter <adrian@xxxxxxx> wrote:

On Thursday 16 October 2008 10:11:45 wrote Detlef Steuer:

Ie got the following problem, when trying to build a package locally
to play around with the spec file:

The following package could not be verified:
5.1.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS:

- If the key is missing, install it first.
For example, do the following:
gpg --keyserver --recv-keys 739ebedd
gpg --armor --export 739ebedd > /home/steuer/keyfile-739ebedd
and, as root:
rpm --import /home/steuer/keyfile-739ebedd

Then, just start the build again.

- If the key is unavailable, you may use --no-verify (which may pose a
risk) ----------

The key is unavailable, at least I couldn't find it.
Is there a way to disable verifying completely or for problematic packages?

Read three lines above ;)

I did. But osc has no option '--no-verify'.
So my question was: how to pass that argument to my build attempt?

osc --no-verify build openSUSE_11.0 i586 my.spec
osc: no such option: --no-verify
Try 'osc help' for info.

Can you point me to appropriate documentation?


After all it's just a local build
and won't be used in anyway besides build testing.
Or am I missing something obvious?

Well, evil packages can break out the chroot (if they have criminal energie).
So it is necessary to trust them to some degree.

(Btw: same settings work just fine in the buildservice.)

That one is secured with a VM.


Adrian Schroeter
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
email: adrian@xxxxxxx

To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

Version: GnuPG v2.0.9 (GNU/Linux)

< Previous Next >
Follow Ups