Re: [opensuse-factory] how to sign a dud?
Nicolaus Millin schrieb:
Peter Czanik schrieb:
Martin Schlander írta:
<snip>
I think this is what you need: http://en.opensuse.org/Secure_Installation_Sources
http://sdprice.plus.com/quartzwiki/index.php/Create_SuSE_add_on_repository http://developer.novell.com/wiki/index.php/YaST_Product_Creator http://news.opensuse.org/2007/11/01/yast-tools-for-creating-installation-med... http://en.opensuse.org/Build_Service/System_Imaging might be helpful as well.
Does it mean, that if I want to sign my DUD, then I also need to provide a modified initrd?
Basically, yes. You have to add your key to '/installkey.gpg' in the
initrd.
It was a requirement from our security guys that all files need to be checked (bug 435685). As a consequence either your key is known in the initrd or you explicitly turn off checking with 'insecure=1'.
Is the publicly available documentation up to date with this? I have done SuSE Linux / openSUSE adapted DVDs since 10.1. Up to 11.0 remastering was not too difficult using some adapted scripts from makeSUSEdvd and the links mentioned above. Since 11.1 I do not seem to get the tools working correctly anymore. There is no problem in remastering an unchanged ISO, eg. openSUSE-11.1-DVD-i586.iso. Whenever I try to create a new installation DVD out of the iso rpms it doesn't work out. Apart from the makeSUSEdvd scripts I unsuccesfully tried yast-product-creator and always get this error after booting the DVD(-iso in VirtualBox): cd:/content: Invalid signature With yast-product-creator I created an GPG key and it seems to sign initrd and doing all the other things right. Any ideas what I am doing wrong? BTW: I am building on a 32bit openSUSE 11.1 and testing with VirtualBox 2.0.6. Thanks, Nico
Steffen
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Thu, 8 Jan 2009, Nicolaus Millin wrote:
Whenever I try to create a new installation DVD out of the iso rpms it doesn't work out. Apart from the makeSUSEdvd scripts I unsuccesfully tried yast-product-creator and always get this error after booting the DVD(-iso in VirtualBox):
cd:/content: Invalid signature
With yast-product-creator I created an GPG key and it seems to sign initrd and doing all the other things right.
Any ideas what I am doing wrong?
No idea about the product creator but you can boot with 'linuxrc.debug=2' and will get the gpg messages on console 3. (Or log to a file with 'linuxrc.log=/foo'.) Steffen -- Der frühe Wirt holt sich den Wurm. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (2)
-
Nicolaus Millin -
Steffen Winterfeldt