[Bug 1200520] New: zypper doesn't install unsigned packages
http://bugzilla.opensuse.org/show_bug.cgi?id=1200520

            Bug ID: 1200520
           Summary: zypper doesn't install unsigned packages
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.4
          Hardware: x86-64
                OS: Other
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: libzypp
          Assignee: zypp-maintainers@suse.de
          Reporter: ralf.koelmel@kit.edu
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

Created attachment 859575
  --> http://bugzilla.opensuse.org/attachment.cgi?id=859575&action=edit
zypper.log during interactive installation try

I'm trying to install some self-built, unsigned packages from an own repo, but zypper throws errors and doesn't install these packages. The used command is:

"zypper install --allow-unsigned-rpm --force --details kmod-zfs-5.14.21-150400.22-default libnvpair3 libuutil3 libzfs5 libzpool5 zfs zfs-dracut"

--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1200520#c1

--- Comment #1 from Ralf Kölmel <ralf.koelmel@kit.edu> ---
Created attachment 859577
  --> http://bugzilla.opensuse.org/attachment.cgi?id=859577&action=edit
output on the cmdline
http://bugzilla.opensuse.org/show_bug.cgi?id=1200520#c2

--- Comment #2 from Ralf Kölmel <ralf.koelmel@kit.edu> ---
A direct rpm installation is working

("rpm --install --nosignature libnvpair3-2.1.4-1.x86_64.rpm libuutil3-2.1.4-1.x86_64.rpm libzfs5-2.1.4-1.x86_64.rpm libzpool5-2.1.4-1.x86_64.rpm zfs-2.1.4-1.x86_64.rpm kmod-zfs-5.14.21-150400.22-default-2.1.4-1.x86_64.rpm")

without problems.
http://bugzilla.opensuse.org/show_bug.cgi?id=1200520#c3

--- Comment #3 from Michael Andres <ma@suse.com> ---
Yes, that's what the manpage tries to say:

    --allow-unsigned-rpm
        Silently install unsigned rpm packages given as commandline parameters.

Repositories have their own rules. Mandatory signed packages are the safe default. If you know the repo and trust the issuer, you may relax this by using the --gpgcheck-allow-unsigned-package option with add-repo or modifyrepo.

    zypper mr --gpgcheck-allow-unsigned-package iti_update
http://bugzilla.opensuse.org/show_bug.cgi?id=1200520#c4

--- Comment #4 from Ralf Kölmel <ralf.koelmel@kit.edu> ---
My repo iti_update had the config:

    # | Alias      | Name                    | Enabled | GPG Check | Refresh
    9 | iti_update | Central-ITI-Update-15.3 | Yes     | ( ) No    | Yes

I've tried your suggestion:

    zypper mr --gpgcheck-allow-unsigned-package iti_update
    GPG check has been enabled for repository 'iti_update'.

Now the repo looks like

    # | Alias      | Name                    | Enabled | GPG Check | Refresh
    7 | iti_update | Central-ITI-Update-15.4 | Yes     | ( p) Yes  | Yes

The command has enabled the GPG-check. The error during installation remains the same and is occurring first on Leap 15.4.
http://bugzilla.opensuse.org/show_bug.cgi?id=1200520#c5

Michael Andres <ma@suse.com> changed:

    What  | Removed | Added
    ------+---------+--------------------------------
    CC    |         | ralf.koelmel@kit.edu
    Flags |         | needinfo?(ralf.koelmel@kit.edu)

--- Comment #5 from Michael Andres <ma@suse.com> ---
@Ralf: "rpm --install ..." without "--nosignature" does not work? Did you manually harden the rpm configuration to reject unsigned packages? Otherwise the behavior on Leap15.4 changed.

Rpm itself never rejected unsigned packages. That's why zypp never passes a "--nosignature" option to rpm. If rpm changed in this regard, we need to adapt zypp.
http://bugzilla.opensuse.org/show_bug.cgi?id=1200520#c6

Ralf Kölmel <ralf.koelmel@kit.edu> changed:

    What       | Removed                         | Added
    -----------+---------------------------------+---------
    Status     | NEW                             | RESOLVED
    Resolution | ---                             | INVALID
    Flags      | needinfo?(ralf.koelmel@kit.edu) |

--- Comment #6 from Ralf Kölmel <ralf.koelmel@kit.edu> ---
I have found my problem. I've changed /usr/lib/rpm/macros (it was the Leap 15.3 default file with introduced python variable). Now I don't need to configure python executable, because python2 is gone. After restoring this file to the Leap 15.4 default, I could install the packages via the mentioned zypper command.

@Michael: Sorry for my report and thank you for your help.
http://bugzilla.opensuse.org/show_bug.cgi?id=1200520#c7

Michael Andres <ma@suse.com> changed:

    What       | Removed   | Added
    -----------+-----------+------------
    Priority   | P5 - None | P3 - Medium
    Status     | RESOLVED  | REOPENED
    Resolution | INVALID   | ---
    Flags      |           | needinfo?
    Severity   | Major     | Enhancement

--- Comment #7 from Michael Andres <ma@suse.com> ---
Let's keep it open until zypp is fixed. Hardening the rpm config in such a manner should be possible without breaking zypp. Even if the rpm default is more relaxed.
http://bugzilla.opensuse.org/show_bug.cgi?id=1200520

Michael Andres <ma@suse.com> changed:

    What  | Removed   | Added
    ------+-----------+------
    Flags | needinfo? |
http://bugzilla.opensuse.org/show_bug.cgi?id=1200520#c8

--- Comment #8 from Ralf Kölmel <ralf.koelmel@kit.edu> ---
The problem was a not suitable macros file which is belonging to Leap 15.3. I don't think that zypp needs a patch.

There is another problem with this macros file, that the introduced python variable is not used and it assumes an executable with name python. If the legacy packages python/python-base are deinstalled, there is no python executable provided through the python3 package. The python3 installation should create a python link via update-alternatives.
http://bugzilla.opensuse.org/show_bug.cgi?id=1200520#c9

Michael Andres <ma@suse.com> changed:

    What       | Removed  | Added
    -----------+----------+---------
    Status     | REOPENED | RESOLVED
    Resolution | ---      | INVALID

--- Comment #9 from Michael Andres <ma@suse.com> ---
Ok, then let's close it.