On Fri, May 05, 2006 at 11:51:19PM +0200, Marcel Hilzinger wrote:
On Tuesday, 2 May 2006 12:43, houghi wrote:
I still get the same error. I now have:

#Remove keys in content
grep -v ^META $CD_DIR/content > $CD_DIR/content.bak
mv $CD_DIR/content.bak $CD_DIR/content
grep -v ^KEY $CD_DIR/content > $CD_DIR/content.bak
mv $CD_DIR/content.bak $CD_DIR/content
Does all content have to be signed by the same key? If not, why do you also re-sign files whose content did not change (e.g. selection files)?
Mainly laziness. Otherwise I would also have to check which files are changed and which ones are not, making it more complicated than needed, I think. For me it is easier to just sign all, instead of just some and some not. The reason that I rather do all is that way I won't forget anything. :-)
#Set the key
LOCAL_KEY=`gpg --list-secret-keys|grep "^sec"|sed -e 's/.*\///;s/ .*//g;'|head -n 1`
gpg --export -a > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc

This gives a file like gpg-pubkey-6344CBC1.asc. But on the CDs the keys look like this:
gpg-pubkey-9c800aca-40d8063e.asc
I know. No idea whether this is relevant. How do I get a key as above?
# Sign files in /suse/setup/descr/
for FILE in `ls $CD_DIR/suse/setup/descr/`
do
  echo "META SHA1 $(cd $CD_DIR/suse/setup/descr/ && sha1sum ${FILE})" >> $CD_DIR/content
done
#Sign *.asc files
for FILE in `ls $CD_DIR|grep ^gpg-pubkey*`
do
  echo "KEY SHA1 $(cd $CD_DIR && sha1sum ${FILE})">> $CD_DIR/content
done
Here the same question: is it necessary to re-sign all the files? Or would it be enough to sign only the files makeSuSEdvd changed?
Same answer. You might gain time, but lose simplicity. (Unless there is a reason that it won't work otherwise)
Btw: gpg --detach-sign -u $LOCAL_KEY -a $CD_DIR/media.1/products
creates products.sig not products.asc on my SL 9.3
Without the -a it does. With the -a it makes a products.asc

houghi@penne : touch test
houghi@penne : l test*
-rw------- 1 houghi users 6523 2006-04-30 20:13 test
houghi@penne : gpg --detach-sign -u 70660424 test
houghi@penne : l test*
-rw------- 1 houghi users 6523 2006-04-30 20:13 test
-rw-r--r-- 1 houghi users 280 2006-05-06 00:10 test.sig
houghi@penne : gpg --detach-sign -u 70660424 -a test
houghi@penne : l test*
-rw------- 1 houghi users 6523 2006-04-30 20:13 test
-rw-r--r-- 1 houghi users 481 2006-05-06 00:11 test.asc
-rw-r--r-- 1 houghi users 280 2006-05-06 00:10 test.sig

Or at least that is how it should be. I don't have a 9.3 installed, so I can't verify. Anybody else?

houghi
--
Make use of time. It is the most precious thing we have, for it is irretrievable lifetime. But life is more than work and labour, and being is more important than doing - Johannes Müller-Elmau
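
Added example, not part of the original thread or of makeSuSEdvd: a file name of the form gpg-pubkey-9c800aca-40d8063e.asc matches the rpm gpg-pubkey convention, that is, the last 8 hex digits of the key ID in lower case, followed by the key's creation time in hex. The sketch below derives such a name from gpg's colon listing; the function name pubkey_filename and the sample listing are constructed for illustration, and it is an assumption that the media only require this naming.

```shell
#!/bin/sh
# Derive an rpm-style key file name, gpg-pubkey-<keyid>-<created>.asc,
# from the output of: gpg --with-colons --fixed-list-mode --list-keys

# Constructed sample listing. The long key ID, user ID and subkey are made
# up; only the last 8 hex digits of the key ID and the creation time were
# chosen to reproduce the file name quoted in the thread.
SAMPLE_LISTING='pub:u:1024:17:000000009C800ACA:1087899198:::u:::scESC:
uid:u::::1087899198::0000000000000000000000000000000000000000::Example Key <key@example.invalid>:
sub:u:2048:16:1111111122222222:1087899198::::::e:'

# Reads a colon listing on stdin and prints the file name for the first
# "pub" record. Returns 1 if no public key record is present, 2 if the
# creation date is not in epoch seconds (older gpg 1.x prints YYYY-MM-DD
# unless --fixed-list-mode is given).
pubkey_filename() {
    while IFS=: read -r rectype f2 f3 f4 keyid created rest; do
        [ "$rectype" = "pub" ] || continue
        case $created in
            ''|*[!0-9]*) return 2 ;;
        esac
        # Short key ID: last 8 hex digits of the long ID, lower-cased.
        short=$(printf '%s' "$keyid" | tail -c 8 | tr 'A-F' 'a-f')
        # Creation time: seconds since the epoch, as 8 hex digits.
        printf 'gpg-pubkey-%s-%08x.asc\n' "$short" "$created"
        return 0
    done
    return 1
}

# Usage against a real keyring (LOCAL_KEY as set in the script above):
#   NAME=$(gpg --with-colons --fixed-list-mode --list-keys "$LOCAL_KEY" | pubkey_filename)
#   gpg --export -a "$LOCAL_KEY" > "$CD_DIR/$NAME"
```

Exporting with an explicit key ID, as in the usage comment, writes only that key to the file; gpg --export -a without a key ID exports every public key in the keyring.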