http://bugzilla.suse.com/show_bug.cgi?id=1055533 Bug ID: 1055533 Summary: [regression] installation of locally built packages requires disabling verification Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: openSUSE Factory Status: NEW Severity: Normal Priority: P5 - None Component: libzypp Assignee: zypp-maintainers@forge.provo.novell.com Reporter: thardeck@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- To run integration tests we build an rpm package locally with osc and install this by calling `zypper --non-interactive in <local_package_path>`. This process does not work anymore in the latest Tumbleweed snapshots because zypper requires an existing signature unless the parameter `--no-gpg-checks` is provided. But using `--no-gpg-checks` would be a security risk because all the dependencies are then also not verified and often downloaded via http. Before the change they were verified so tampering was not possible. To prevent those security risks it would be great if locally available packages can still be installed non-interactively without disabling the gpg checks. -- You are receiving this mail because: You are on the CC list for the bug.