[Bug 1055533] New: [regression] installation of locally built packages requires disabling verification
http://bugzilla.suse.com/show_bug.cgi?id=1055533 Bug ID: 1055533 Summary: [regression] installation of locally built packages requires disabling verification Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: openSUSE Factory Status: NEW Severity: Normal Priority: P5 - None Component: libzypp Assignee: zypp-maintainers@forge.provo.novell.com Reporter: thardeck@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- To run integration tests we build an rpm package locally with osc and install this by calling `zypper --non-interactive in <local_package_path>`. This process does not work anymore in the latest Tumbleweed snapshots because zypper requires an existing signature unless the parameter `--no-gpg-checks` is provided. But using `--no-gpg-checks` would be a security risk because all the dependencies are then also not verified and often downloaded via http. Before the change they were verified so tampering was not possible. To prevent those security risks it would be great if locally available packages can still be installed non-interactively without disabling the gpg checks. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1055533 Tim Hardeck <thardeck@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|zypp-maintainers@forge.prov |ms@suse.de |o.novell.com | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1055533 Tim Hardeck <thardeck@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com Assignee|ms@suse.de |ma@suse.de -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1055533 Michael Andres <ma@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|ma@suse.de |zypp-maintainers@forge.prov | |o.novell.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1055533 http://bugzilla.suse.com/show_bug.cgi?id=1055533#c1 Michael Andres <ma@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED --- Comment #1 from Michael Andres <ma@suse.com> --- We'll need some dedicated cli option telling how to handle the local packages passed as argument. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1055533 http://bugzilla.suse.com/show_bug.cgi?id=1055533#c2 --- Comment #2 from Tim Hardeck <thardeck@suse.com> --- I would prefer a configuration option because otherwise we would need version aware code which could complicate things quite a bit. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1055533 http://bugzilla.suse.com/show_bug.cgi?id=1055533#c8 Michael Andres <ma@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #8 from Michael Andres <ma@suse.com> --- closing -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com