On Thursday 16 October 2008 10:11:45 wrote Detlef Steuer:
Hi,
Ie got the following problem, when trying to build a package locally to play around with the spec file:
--------- The following package could not be verified: /var/tmp/osbuild-packagecache/openSUSE:11.0/standard/noarch/texlive-2007-17 5.1.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#739ebedd)
- If the key is missing, install it first. For example, do the following: gpg --keyserver pgp.mit.edu --recv-keys 739ebedd gpg --armor --export 739ebedd > /home/steuer/keyfile-739ebedd and, as root: rpm --import /home/steuer/keyfile-739ebedd
Then, just start the build again.
- If the key is unavailable, you may use --no-verify (which may pose a risk) ----------
The key is unavailable, at least I couldn't find it. Is there a way to disable verifying completely or for problematic packages?
Read three lines above ;)
After all it's just a local build and won't be used in anyway besides build testing. Or am I missing something obvious?
Well, evil packages can break out the chroot (if they have criminal energie). So it is necessary to trust them to some degree.
(Btw: same settings work just fine in the buildservice.)
That one is secured with a VM. -- Adrian Schroeter SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org