https://bugzilla.novell.com/show_bug.cgi?id=886791 https://bugzilla.novell.com/show_bug.cgi?id=886791#c4 --- Comment #4 from Marcus Schaefer <ms@suse.com> 2014-07-11 13:14:27 UTC --- in reply to comment #2
I am not sure if we want this at all. I mean, when we use a SLES as external system to build an openSUSE distro appliance, why should we put the SLES key at all on the appliance?
don't understand why someone would need this. if you build openSUSE on SLES you need the openSUSE build keys to verify the key when kiwi installs the openSUSE packages. From todays perspective you would just install openSUSE-build-keys package on your SLES build host and be done. kiwi picks up the keys from the host and that's it. I think what Marcus wants is that kiwi takes the keys from the image root which is kind of hard because it's empty at the beginning. That's why I asked how he thinks this should work
IMHO no key from the external system should be used for the appliance.
That's a valid point. kiwi currently imports keys as "gpg-pubke*" from the build host. which means if the build host has e.g SLES and openSUSE keys installed it would import all of them which is not necessary. But does it hurt ? if we don't allow the import of keys from the host they need to be imported from somewhere else. But from where ? and last but not least if we don't import anything the build will not fail just warning messages from zypper at install time will be part of the build log which also brings me to the most important question what our goal is and what the benefit is if we don't want to allow importing build keys from the build host Thanks -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.