Bug ID | 1088037 |
---|---|
Summary | gpgkey= entry ignored for rpm-md repositories |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.3 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | libzypp |
Assignee | zypp-maintainers@forge.provo.novell.com |
Reporter | ma@suse.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
Via mail to zypp-devel: > My rpm-md style repository contains *both* repository metadata GPG > signatures (i.e. repomd.xml.asc) and RPM packages which have GPG > signatures, created via rpm --addsign. > > On a YUM-based system (e.g., CentOS 7), I simply need to list all the > necessary URLs for both repository GPG and package signing public keys > with gpgkey=. When I update the metadata (via yum makecache) all > listed keys are automatically imported to the correct place; package > signing keys into rpm db and the repository signing key into the YUM > keyring. > > On OpenSUSE 42.3 with zypper 1.13.40 and libzypp 16.17.10, I have > noticed that none of the URLs specified with gpgkey= seem to be > imported even after I run zypper --gpg-auto-import-keys refresh > reponame. I have verified this by running rpm -qa | grep gpg-pubkey > and saw that the keys specified in the repository configuration file > were not imported to RPM DB. It seems that the only way to import a > package signing key on OpenSUSE 42.3 for an rpm-md style repository is > to run rpm --import file.key.