[opensuse-autoinstall] Adding own RPMs to 11.4-Installation-DVD
Hello, until now, we created our own Installation-Media with 10.2. We only added the RPMs to the DVD, that are going to be installed. So we kept the DVD-Image small for downloading by our Customers (only 1.2 GB instead of 4 GB). Now, we have to do the same thing with 11.4, but I have problems with the signature. We create a yast-Installation-Source, put the boot-Environment (initrd, kernel etc.) in the right places, add the License-files, add the SuSE-RPMs and our own RPMs to i586, i686, create the xml-File for Autoyast etc. (like we did it with 10.2) MD4SUMS etc. are created automatically. The gpg-Key ist added to the initrd (as described here: http://users.suse.com/~ug/AutoYaST_FAQ.html#bB), the new sha1sum of the initrd is put in the content-file and this file is signed with the key that was put into the initrd. So, everything should be fine (I think). But everytime we start the installation, yast complains about an invalid signature of the content-file. When I switch to a console is see, that the key is directly in / of the running system. The installkey.gpg of opensuse is also in that place. Can anybody tell me what I'm doing wrong here? Regards Daniel -- Daniel Spannbauer Software Entwicklung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 http://www.marco.de/ Email ds@marco.de Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-autoinstall+owner@opensuse.org
on Friday 11 November 2011 Daniel Spannbauer wrote:
But everytime we start the installation, yast complains about an invalid signature of the content-file.
can you try to add your key by putting it into the installkey.gpg file? Like this: gpg -u admin@my-comp.com --export >>installkey.gpg or, a little bit less dirty: gpg --homedir=gpg --no-default-keyring --keyring=./installkey.gpg --import ./gpg/pubring.gpg -- ciao, Uwe Gansert SUSE LINUX Products GmbH, HRB 16746 (AG Nürnberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer Home: http://www.suse.de/~ug - Blog: http://suse.gansert.net listening to: "Gambit" by Stillste Stund -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-autoinstall+owner@opensuse.org
Am 11/14/2011 02:46 PM, schrieb Uwe Gansert:
on Friday 11 November 2011 Daniel Spannbauer wrote:
But everytime we start the installation, yast complains about an invalid signature of the content-file.
can you try to add your key by putting it into the installkey.gpg file? Like this:
gpg -u admin@my-comp.com --export >>installkey.gpg
or, a little bit less dirty:
gpg --homedir=gpg --no-default-keyring --keyring=./installkey.gpg --import ./gpg/pubring.gpg
Hello Uwe, installkey.gpg is in the initrd, right? So, I have to export the installkey.gpg from initrd, add my key to it and put it into the initrd? Regards Daniel -- Daniel Spannbauer Software Entwicklung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 http://www.marco.de/ Email ds@marco.de Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-autoinstall+owner@opensuse.org
on Monday 14 November 2011 Daniel Spannbauer wrote:
installkey.gpg is in the initrd, right? So, I have to export the installkey.gpg from initrd, add my key to it and put it into the initrd?
that's right -- ciao, Uwe Gansert SUSE LINUX Products GmbH, HRB 16746 (AG Nürnberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer Home: http://www.suse.de/~ug - Blog: http://suse.gansert.net listening to: "Der Galaktische Zoo" by Stillste Stund -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-autoinstall+owner@opensuse.org
Am 11/14/2011 03:30 PM, schrieb Uwe Gansert:
on Monday 14 November 2011 Daniel Spannbauer wrote:
installkey.gpg is in the initrd, right? So, I have to export the installkey.gpg from initrd, add my key to it and put it into the initrd?
that's right
Hmm, ok. Here is what I do in my script: INITRD=boot/i386/loader/initrd echo "modifiziere initrd" echo "auspacken..." gunzip <$INITRD >$INITRD.uncomp echo "initall.key aus initrd raus....." cpio -i -F $INITRD.uncomp installkey.gpg echo "Schlüssel exportieren" gpg --export -u $KEY_ID > gpg-$KEY_ID.gpg gpg --export -a -u $KEY_ID > gpg-pubkey-$KEY_ID.asc echo "Schlüssel in initrd" echo "gpg-$KEY_ID.gpg" | cpio -o -H newc -A -F $INITRD.uncomp echo "install.key erweitern" gpg -u ds@marco.de --export >> install.key echo "install.key wieder in initrd" echo "installkey.gpg" | cpio -o -H newc -A -F $INITRD.uncomp echo "komprimieren" gzip --best <$INITRD.uncomp >$INITRD echo "Rest löschen" rm $INITRD.uncomp gpg-$KEY_ID.gpg installkey.gpg KEY_ID ist the ID of the Key "ds@marco.de" Can you see anny errors I made? Regards Daniel -- Daniel Spannbauer Software Entwicklung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 http://www.marco.de/ Email ds@marco.de Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-autoinstall+owner@opensuse.org
gpg -u ds@marco.de --export >> install.key echo "install.key wieder in initrd"
Can you see anny errors I made?
Regards
Daniel
Ok, found the typo. The incalid-signature-message has gone, now I have a error about the meta-checksums in content I have to fix. But for the momement: Thanks Uwe. Perhaps this hould be listed somwhere in your Blog or similar? Regards Daniel -- Daniel Spannbauer Software Entwicklung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 http://www.marco.de/ Email ds@marco.de Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-autoinstall+owner@opensuse.org
participants (2)
-
Daniel Spannbauer -
Uwe Gansert