Mailinglist Archive: opensuse-factory (757 mails)

< Previous Next >
Re: [opensuse-factory] Re: makeSUSEdvd error
On Fri, May 05, 2006 at 11:51:19PM +0200, Marcel Hilzinger wrote:
> Am Dienstag, 2. Mai 2006 12:43 schrieb houghi:
>
> > I still get the same error. I now have:
> > #Remove keys in content
> > grep -v ^META $CD_DIR/content > $CD_DIR/content.bak
> > mv $CD_DIR/content.bak $CD_DIR/content
> > grep -v ^KEY $CD_DIR/content > $CD_DIR/content.bak
> > mv $CD_DIR/content.bak $CD_DIR/content
>
> Does all content have to be signed by the same key? If not, why do you resign
> also files, which content did not change (e.g. selection files)?

Mainly lazyness. Otherwise I would also have to check wich files are
changed and wich ones are not, making it more complicating then needed, I
think.
For me it is easier to just sign all, instead of just some and some not.
The reason that I rather do all is that way I won't forget anything. :-)

> > #Set the key
> > LOCAL_KEY=`gpg --list-secret-keys|grep "^sec"|sed -e
> > 's/.*\///;s/.*//g;'|head -n 1` gpg --export -a >
> > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc
>
> This gives a file like gpg-pubkey-6344CBC1.asc
> But on the CDs the keys look like this:
>
> gpg-pubkey-9c800aca-40d8063e.asc

I know. No idea wether this is relevant. How do I get a key as above?


> > # Sign files in /suse/setup/descr/
> > for FILE in `ls $CD_DIR/suse/setup/descr/`
> > do
> > echo "META SHA1 $(cd $CD_DIR/suse/setup/descr/ && sha1sum
> > ${FILE})" >> $CD_DIR/content done
> > #Sign *.asc files
> > for FILE in `ls $CD_DIR|grep ^gpg-pubkey*`
> > do
> > echo "KEY SHA1 $(cd $CD_DIR && sha1sum ${FILE})">>
> > $CD_DIR/content done
> Here the same question: is it neccessary to resign all the files? Or would it
> be enough to sign only the files makeSuSEdvd changed?

Same answer. You might gain time, but loose simplicity. (Unless there is a
reason that it won't work otherwise)


> Btw:
> gpg --detach-sign -u $LOCAL_KEY -a $CD_DIR/media.1/products
>
> creates products.sig not products.asc on my SL 9.3

Without the -a it does. With the -a it makes a products.asc

houghi@penne : touch test
houghi@penne : l test*
-rw------- 1 houghi users 6523 2006-04-30 20:13 test
houghi@penne : gpg --detach-sign -u 70660424 test
houghi@penne : l test*
-rw------- 1 houghi users 6523 2006-04-30 20:13 test
-rw-r--r-- 1 houghi users 280 2006-05-06 00:10 test.sig
houghi@penne : gpg --detach-sign -u 70660424 -a test
houghi@penne : l test*
-rw------- 1 houghi users 6523 2006-04-30 20:13 test
-rw-r--r-- 1 houghi users 481 2006-05-06 00:11 test.asc
-rw-r--r-- 1 houghi users 280 2006-05-06 00:10 test.sig

Or at least that is how it should be. I don't have a 9.3 installed, so I
can't verify. Anybody else?

houghi
--
Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es
ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk
und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau

< Previous Next >
List Navigation