Am Dienstag, 13. September 2011, 16:37:16 schrieb Troy Telford:

> I've found:

> osc build --no-verify

>

> Which simply skips the gpg verification. What do I have to do to fix

> my OBS system so users don't have to use --no-verify?

The project, which provides the binaries must provide the public gpg key.

If you have imported binaries, just copy it inside as "_pubkey" file on the source server.

> On 2011-09-12 20:03:30 +0000, Troy Telford said:

> > I'm having trouble using 'osc build' on my own OBS instance:

> >

> > $ osc build

> > Building htop.spec for SLE_11sp1/x86_64

> > Getting buildinfo from server and store to

> > /home/ttelford/src/obs/home:ttelford/htop/.osc/_buildinfo-SLE_11sp1-x86_64

> > .xml Getting buildconfig from server and store to

> > /home/ttelford/src/obs/home:ttelford/htop/.osc/_buildconfig-SLE_11sp1-x86_

> > 64 Updating cache of required packages

> > 0.0% cache miss. 88/88 dependencies cached.

> >

> > Verifying integrity of cached packages

> > BuildService API error: can't verify packages due to lack of GPG keys

> >

> > Obviously, I'd like to be able to verify the packages; the distribution

> > packages certainly have a GPG signature (That of SLES).

> >

> > I know the GPG key is on ${SLES_ISO}/pubring.gpg.

> >

> > So what I need to do to get 'osc build' to work (and verify the GPG

> > signature of the packages)?

> >

> > Thanks.

> > -- Troy Telford

> >

> >

> > -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org

> > For additional commands, e-mail: opensuse-buildservice+help@opensuse.org

--

Adrian Schroeter

SUSE Linux Products GmbH

email: adrian@suse.de