Re: [opensuse-autoinstall] retrieving gpg-keys for package validation with prescript?
Hi Uwe, I didn't know to store the id in xml file. The keys where used to sign individual packages. And also content.asc of CD1 and so on. As I learned I have to put the public keys into initial initrd which is used during boot to prevent installer error messages about unknown signed packages. The idea is to retrieve the public key which signed our addon product from somewhere (web) during pre installation and present it somehow the installer. Such I don't have to put it into the initrd. Will this work or did I miss something. Thanks, Jochen
Uwe Gansert <ug@suse.de> 09/18/08 2:48 PM >>> On Friday 12 September 2008, Jochen Schaefer wrote:
But the question is if it is possible to retrieve and use gpg-keys to validate self signed installation sources from a web source during the preinstallation phase?
I'm not sure if I understand. The keys are already on the installation source? What exactly do you want to achieve?
Since it is a little overhead to change the initrds of different SUSE Versions in different projects.
you don't have to put them in the initrd. You can specify the key id's in the XML file too. You just have to store them in the initrd if you don't want to put anything in your XML. -- ciao, Uwe Gansert Uwe Gansert, Server Technologies Team SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Business: http://www.suse.de/~ug -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
On Thursday 18 September 2008, Jochen Schaefer wrote:
I didn't know to store the id in xml file.
since 10.3 you can store the key id's in the signature-handling section of an add-on http://www.suse.de/~ug/autoyast_doc/CreateProfile.Software.html
As I learned I have to put the public keys into initial initrd which is used during boot to prevent installer error messages about unknown signed packages.
No, it's not a must that the key is in the initrd but if it's in the initrd it will be accepted automatically always and everything signed by that key is valid automatically. http://www.suse.de/~ug/AutoYaST_FAQ.html#bB
The idea is to retrieve the public key which signed our addon product from somewhere (web) during pre installation and present it somehow the installer. Such I don't have to put it into the initrd.
Will this work or did I miss something.
you can put them on the installation source instead of into the initrd but then you have to accept the key in the XML file. -- ciao, Uwe Gansert Uwe Gansert, Server Technologies Team SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Business: http://www.suse.de/~ug -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
participants (2)
-
Jochen Schaefer -
Uwe Gansert