Op zondag 20 oktober 2002 14:13, schreef Guillermo Ballester Valor:
Hi,
On Sunday 20 October 2002 13:55, Richard Bos wrote:
Op zondag 20 oktober 2002 12:21, schreef Guillermo Ballester Valor:
I've just updated apt-0.5.4cnc8 into my SuSE 8.0 prof. I also updated synaptic and apt-devel. I replaced /usr/bin/atprpm by aptrpm-1 in CVS repository, and modified apt.conf to manage properly when updating k_defl and lilo. I also updated sources.list with the one in suse-apt place.
Well done!
The problem I have is a message about GPG in all packages I want to install, as example:
Error: sax2_4.7-170_i386.rpm is not GPG signed File : /var/cache/apt/archives/sax2_4.7-170_i386.rpm Name : sax2 Feedback : feedback@suse.de Buildhost: shannon.suse.de
If you trust the rpm, just run apt with apt-get -o rpm::options::=--no-checksign upgrade.
This will skip the signature check.
Thanks!. I solved the problem. I'm wondering whether I'll have the same problem in all packages in a future. I've just tried k_deflt and three more packages and the same stuff about PGP signatures. Can I add in apt.conf the following line in RPM {}section ?
options=--no-checksign
You're close. The correct syntax: RPM { CheckSign false; }
Any risk to do that?
It used to be this way. If a package has been signed with a signature you validated you know the origin of package. If you don't verify this, you just rely on the goodness of the package provider. Untill now that did not give any problems. In your case above you could (should?) inform SuSE, and hopefully SuSE will provide a signed package.... -- Richard