[Bug 350747] New: updaterepo script for inst-source-utils
https://bugzilla.novell.com/show_bug.cgi?id=350747

           Summary: updaterepo script for inst-source-utils
           Product: openSUSE 11.0
           Version: unspecified
          Platform: Other
        OS/Version: SuSE Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Maintenance
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: schlomo.schapiro@novell.com
         QAContact: qa@suse.de
          Found By: Consulting

As mentioned on http://en.opensuse.org/Inst-source-utils here is a useful script to add from my collection.

This script creates a GPG signed YUM repository. One has to adapt REPO and KEY ..

Script:

    #!/bin/bash
    REPO=/media/install/${1:-schlomo10}
    test -d "$REPO" || {
        echo "ERROR: REPO '$REPO' must be a directory"
        exit 1
    }
    # start a gpg-agent if none is running
    gpg-agent || eval "$(gpg-agent --daemon)"
    echo "Updating YUM repository '$REPO'"
    KEY=9e62229e
    {
        # remove old metadata and its signature
        rm -Rfv "$REPO"/{repodata,.olddata}/{filelists.xml.gz,other.xml.gz,primary.xml.gz,repomd.xml,repomd.xml.asc}
        # sign the packages first, then build the metadata from them
        rpm --resign -v "$REPO"/*/*rpm 2> >(grep -v skip 1>&2)
        createrepo -v "$REPO"
    } | while read ; do echo -n . ; done ; echo
    # sign the metadata index and publish the public key next to it
    gpg -a --detach-sign "$REPO/repodata/repomd.xml"
    test -s "$REPO/repodata/repomd.xml.key" || gpg -a --export "$KEY" > "$REPO/repodata/repomd.xml.key"
    test -d "$REPO/media.1" && {
        rm -f "$REPO/media.1/products.asc"
        gpg -a --detach-sign "$REPO/media.1/products"
        gpg -a --export "$KEY" > "$REPO/media.1/products.key"
        cd "$REPO/media.1/"
        ls -d -1 >directory.yast
    }

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=350747

Cristian Rodriguez <crrodriguez@novell.com> changed:

           What    |Removed                                    |Added
----------------------------------------------------------------------------
                 CC|                                           |crrodriguez@novell.com
         AssignedTo|bnc-team-screening@forge.provo.novell.com  |lrupp@novell.com

https://bugzilla.novell.com/show_bug.cgi?id=350747

User lrupp@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=350747#c1

Lars Rupp <lrupp@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lrupp@novell.com
             Status|NEW                         |NEEDINFO
      Info Provider|                            |schlomo.schapiro@novell.com

--- Comment #1 from Lars Rupp <lrupp@novell.com> 2008-01-10 03:47:14 MST ---
First: Thanks for your script!

Three notes/questions:

1) We try to find out as much as possible automatically - or get it via commandline. So editing this script (which should not be marked as %config in RPM) is no option: an update would replace the REPO and KEY values. So the REPO should be the first argument for the script and the KEY another one (and if no KEY is given, take the default key from the user running this script).

2) I've a little dependency problem already with the "createpatch" script in inst-source-utils (see #308684 for details). So your script also would add a dependency for createrepo (and all the python stuff) if we don't find another solution. I've made a quick hack in createpatch to check for an installed createrepo or warn the user that he should install this RPM. So either we also need a check for existence of createrepo (if [ -x /usr/bin/createrepo ]; then...) or we should think about splitting out the scripts which create/prepare/edit yum-repositories. What do you think?

3) The gpg signing part should be done by an extra script named "sign" as we do this in other scripts, too. Here we use a C++ script for this - but a simple bash script should also do this job. This new "sign" script should be aware of the following arguments:

    -v : verbose
    -d : detach sign
    -c : clearsign (inline ascii armored => patch-files for <= sles9)
    -r : sign rpms

=> My task to provide such a simple script with the next update.

Do you like the suggested changes, and could you provide an adapted script?

https://bugzilla.novell.com/show_bug.cgi?id=350747

User schlomo.schapiro@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=350747#c2

Schlomo Schapiro <schlomo.schapiro@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
      Info Provider|schlomo.schapiro@novell.com |

--- Comment #2 from Schlomo Schapiro <schlomo.schapiro@novell.com> 2008-01-10 07:16:55 MST ---
The script was meant to be an idea, not really ready for packaging.

The repo should be a mandatory argument and the key an optional one.

The dependency on createrepo is necessary and should IMHO also be reflected in RPM ([ -x ...] being a dirty hack violating RPM) as the user relies on RPM to install all requirements.

Splitting out the signing part is no problem, but keep in mind that creating a signed repo means you have to sign twice:

1. sign all RPMs
2. create repo (/repodata/*xml)
3. sign repodata

therefore the signing script should have a clear understanding of this, e.g.

    -r : sign rpms given on cmdline
    -m : sign rpm-md repo
    -y : sign yast repo
    -a : sign all rpm recursively in dirs given in cmdline

updaterepo should retain the option to be an all-in-one script to update & sign a repo with a new package (the reason I wrote it).

What would be a great thing to have would be gpg-agent support for the whole process. Currently (SLES10SP1) rpm does not use the agent at all.

So my script could look like this:

    #!/bin/bash
    [ -d "$1" ] || {
        echo "Specify the repo directory"
        exit 1
    }
    REPO="$1"
    echo "Updating YUM repository '$REPO'"
    {
        # remove old metadata and its signature
        rm -Rfv "$REPO"/{repodata,.olddata}/{filelists.xml.gz,other.xml.gz,primary.xml.gz,repomd.xml,repomd.xml.asc}
        # sign all RPMs below the repo, then rebuild the metadata
        sign -a -r "$REPO"
        createrepo -v "$REPO"
    } | while read ; do echo -n . ; done ; echo
    # sign the rpm-md metadata
    sign -m "$REPO"

This way the entire gpg stuff would be in the sign script (and I always prefer bash over c++ if possible -> open source included :-) )

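The ordering described in comment #2 (sign the RPMs, run createrepo, then sign repomd.xml) can be checked on an existing repository. The following is an added example, not part of the bug report or of inst-source-utils; the function name check_repo_order and its finding labels are made up here, and it compares file modification times as a heuristic rather than verifying signatures.

```bash
#!/bin/bash
# Added example: detect a repository whose signing steps ran in the wrong
# order, using modification times only (heuristic, no gpg/rpm needed).
# Required order: RPMs signed -> createrepo -> repomd.xml signed.

# check_repo_order REPO
# Prints one finding per problem.
# Returns 0 if consistent, 1 if something is stale or missing,
# 2 if REPO has no repodata/repomd.xml at all.
check_repo_order() {
    local repo="$1" md asc stale rc=0
    md="$repo/repodata/repomd.xml"
    asc="$md.asc"

    if [ ! -s "$md" ]; then
        echo "MISSING repomd.xml (createrepo has not been run)"
        return 2
    fi

    # rpm --resign rewrites each package, so an RPM newer than repomd.xml
    # no longer matches the checksum createrepo recorded for it.
    stale=$(find "$repo" -name '*.rpm' -newer "$md" -print)
    if [ -n "$stale" ]; then
        echo "STALE-METADATA packages changed after createrepo:"
        printf '%s\n' "$stale"
        rc=1
    fi

    # A detached signature older than the file it covers was made for
    # a previous repomd.xml and will not verify.
    if [ ! -s "$asc" ]; then
        echo "UNSIGNED repomd.xml.asc is missing"
        rc=1
    elif [ "$asc" -ot "$md" ]; then
        echo "STALE-SIGNATURE repomd.xml.asc is older than repomd.xml"
        rc=1
    fi

    # Clients need the exported public key next to the metadata.
    if [ ! -s "$md.key" ]; then
        echo "NO-KEY repomd.xml.key is missing"
        rc=1
    fi
    return $rc
}
```

A clean result only says the steps ran in the right order; `gpg --verify repomd.xml.asc repomd.xml` is still the authoritative check of the signature itself.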
https://bugzilla.novell.com/show_bug.cgi?id=350747

Lars Rupp <lrupp@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

https://bugzilla.novell.com/show_bug.cgi?id=350747

User lrupp@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=350747#c3

Lars Vogdt <lrupp@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Normal                      |Enhancement

--- Comment #3 from Lars Vogdt <lrupp@novell.com> 2008-04-22 06:17:03 MST ---
decreasing to enhancement

https://bugzilla.novell.com/show_bug.cgi?id=350747

Lars Vogdt <lrupp@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P4 - Low

https://bugzilla.novell.com/show_bug.cgi?id=350747

User lrupp@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=350747#c4

Lars Vogdt <lrupp@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends on|                            |464903

--- Comment #4 from Lars Vogdt <lrupp@novell.com> 2009-02-18 13:52:04 MST ---
fixed for all openSUSE versions until 11.1 : /usr/bin/createpatch should be able to do the job.

But it needs to be rewritten to support 11.1 and SLE11. Taking bug #464903 as "master" bug.