A new version and a new problem. I like these 'feature freezes'. :-/ When running makeSUSEdvd at the 'Installation Settings' I get the partitioning, the Software and the Language. Software tells me: No catalog found at 'cd:///?devices%3d%2fdev%2fhdb'. . Error: No proposal I have recieved a mail from somebody who did it manually with create_package_descr and got into the same problem. What has been changed? What can be done to repair the situation? houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Fri, Apr 28, 2006 at 09:50:22PM +0200, houghi wrote:
A new version and a new problem. I like these 'feature freezes'. :-/
When running makeSUSEdvd at the 'Installation Settings' I get the partitioning, the Software and the Language. Software tells me: No catalog found at 'cd:///?devices%3d%2fdev%2fhdb'. . Error: No proposal
I have recieved a mail from somebody who did it manually with create_package_descr and got into the same problem.
What has been changed? What can be done to repair the situation?
Check /var/log/YaST2/y2log ... I guess it expects cryptographically signed repos now. Ciao, Marcus
On Fri, Apr 28, 2006 at 09:51:41PM +0200, Marcus Meissner wrote:
On Fri, Apr 28, 2006 at 09:50:22PM +0200, houghi wrote:
A new version and a new problem. I like these 'feature freezes'. :-/
When running makeSUSEdvd at the 'Installation Settings' I get the partitioning, the Software and the Language. Software tells me: No catalog found at 'cd:///?devices%3d%2fdev%2fhdb'. . Error: No proposal
I have recieved a mail from somebody who did it manually with create_package_descr and got into the same problem.
What has been changed? What can be done to repair the situation?
Check /var/log/YaST2/y2log ... I guess it expects cryptographically signed repos now.
Note that I do not fully know if this is expected or not. Please open a bugreport. Also note that we have May 1 off in Germany, so do not expect an answer before Tuesday :) Ciao, Marcus
On Fri, Apr 28, 2006 at 10:07:06PM +0200, Marcus Meissner wrote:
Check /var/log/YaST2/y2log ... I guess it expects cryptographically signed repos now.
Note that I do not fully know if this is expected or not.
Anybody?
Please open a bugreport.
Also note that we have May 1 off in Germany, so do not expect an answer before Tuesday :)
Will do. Silly question, how can I get the logfile(s) to my current system? No network, nothing on the system and mounting the floppy does not seem to work at that moment. :-( houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Fri, Apr 28, 2006 at 10:26:59PM +0200, houghi wrote:
On Fri, Apr 28, 2006 at 10:07:06PM +0200, Marcus Meissner wrote:
Check /var/log/YaST2/y2log ... I guess it expects cryptographically signed repos now.
Note that I do not fully know if this is expected or not.
Anybody?
Its 22:33 in germany on friday. ;)
Please open a bugreport.
Also note that we have May 1 off in Germany, so do not expect an answer before Tuesday :)
Will do. Silly question, how can I get the logfile(s) to my current system? No network, nothing on the system and mounting the floppy does not seem to work at that moment. :-(
Browse them in less on the system itself. I think the error should be obvious. Ciao, marcus
On Fri, Apr 28, 2006 at 10:33:14PM +0200, Marcus Meissner wrote:
On Fri, Apr 28, 2006 at 10:26:59PM +0200, houghi wrote:
On Fri, Apr 28, 2006 at 10:07:06PM +0200, Marcus Meissner wrote:
Check /var/log/YaST2/y2log ... I guess it expects cryptographically signed repos now.
Note that I do not fully know if this is expected or not.
Anybody?
Its 22:33 in germany on friday. ;)
Same time as in Belgium. :-) I did not mean now immediatly, I ment in general.
Please open a bugreport.
Also note that we have May 1 off in Germany, so do not expect an answer before Tuesday :)
Will do. Silly question, how can I get the logfile(s) to my current system? No network, nothing on the system and mounting the floppy does not seem to work at that moment. :-(
Browse them in less on the system itself. I think the error should be obvious.
They might be obvious if you know what you are looking for. There is however so much that I am not really sure what is relevant and what not. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Fri, Apr 28, 2006 at 10:07:06PM +0200, Marcus Meissner wrote:
Please open a bugreport.
Bug 170944 Submitted houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Fri, Apr 28, 2006 at 10:31:33PM +0200, houghi wrote:
On Fri, Apr 28, 2006 at 10:07:06PM +0200, Marcus Meissner wrote:
Please open a bugreport.
Bug 170944 Submitted
Transfered to bug 166011 There I see some info: <quote> - (once) create a GPG key for signing the modified source (or use an existing key) - adapt the packages file with "=Cks: SHA1 <sha1sum>" entries of the RPMs - add META and KEY entries to /content, see URL above - sign /content (gpg --detach-sign -a content) - create /content.key (the above public key used to sign /content) (gpg --export -a -u keyid > content.key) </quote> Is there anybody that can explain to me in babysteps on how to do that? I have never used gpg. So I suppose I do the following: `gpg --gen-key`, 5, 2048, 0, y, name and email, passphrase (Or must this be blank?), generate the key. I then have my key. Now what? houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Sat, Apr 29, 2006 at 02:54:12PM +0200, houghi wrote:
On Fri, Apr 28, 2006 at 10:31:33PM +0200, houghi wrote:
On Fri, Apr 28, 2006 at 10:07:06PM +0200, Marcus Meissner wrote:
Please open a bugreport.
Bug 170944 Submitted
Transfered to bug 166011 There I see some info: <quote> - (once) create a GPG key for signing the modified source (or use an existing key)
- adapt the packages file with "=Cks: SHA1 <sha1sum>" entries of the RPMs
- add META and KEY entries to /content, see URL above
- sign /content (gpg --detach-sign -a content) - create /content.key (the above public key used to sign /content) (gpg --export -a -u keyid > content.key) </quote>
I now have the following added to makeSUSEdvd to no avail: LOCAL_KEY=$(gpg --fingerprint | grep ^pub | awk '{print $2}' | cut -d"/" -f2) gpg --export -a > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc rm $CD_DIR/content.asc echo "KEY SHA1 $(cd $CD_DIR && sha1sum gpg-pubkey-${LOCAL_KEY}.asc)" \ >> $CD_DIR/content gpg --export -a -u $LOCAL_KEY > $CD_DIR/content.key rm $CD_DIR/media.1/products.asc gpg --detach-sign -a $CD_DIR/media.1/products gpg --export -a > $CD_DIR/media.1/products.key So according to the above, I have done: 1) create a GPG key 2) adapted the "packages" file the latest create_package_descr 3) signed content 4) created /content.key As long as I do not know if I am doing things correctly, I can't put anything in bugzilla. :-( houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
In general, you should allow the user to specify the keyid, since you usually use one all the time.
LOCAL_KEY=$(gpg --fingerprint | grep ^pub | awk '{print $2}' | cut -d"/" -f2) Better extract the keyid out of the secret keyring , like this
LOCAL_KEY=`gpg --list-secret-keys|grep "^sec"|sed -e 's/.*\///;s/ .*//g;'|head -n 1`
gpg --export -a > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc rm $CD_DIR/content.asc echo "KEY SHA1 $(cd $CD_DIR && sha1sum gpg-pubkey-${LOCAL_KEY}.asc)" \ >> $CD_DIR/content gpg --export -a -u $LOCAL_KEY > $CD_DIR/content.key
Missing here: gpg --detach-sign -u $LOCAL_KEY $CD_DIR/content
rm $CD_DIR/media.1/products.asc gpg --detach-sign -a $CD_DIR/media.1/products gpg --export -a > $CD_DIR/media.1/products.key
Better: gpg --export -a -u $LOCAL_KEY > $CD_DIR/media.1/products.key
So according to the above, I have done: 1) create a GPG key 2) adapted the "packages" file the latest create_package_descr 3) signed content 4) created /content.key
As long as I do not know if I am doing things correctly, I can't put anything in bugzilla. :-(
See adjustments above, esecpially content.asc signing. Ciao, Marcus
On Sun, 2006-04-30 at 22:50 +0200, Marcus Meissner wrote:
you should allow the user to specify the keyid, since you usually use one all the time.
Speaking as a makeSUSEdvd user, I can state positively that I have no keyids, don't know keyids from nuthin, and just want to make a dadgum dvd to install from. It starts asking for keyids I'm gonna throw up my hands and just install from the 5 CDs (as painful and inconvenient as that is).
Tom Horsley skrev:
On Sun, 2006-04-30 at 22:50 +0200, Marcus Meissner wrote:
you should allow the user to specify the keyid, since you usually use one all the time.
Speaking as a makeSUSEdvd user, I can state positively that I have no keyids, don't know keyids from nuthin, and just want to make a dadgum dvd to install from. It starts asking for keyids I'm gonna throw up my hands and just install from the 5 CDs (as painful and inconvenient as that is).
Take a peek at the top of the page http://en.opensuse.org/Making_a_DVD_from_CDs
On Sun, Apr 30, 2006 at 11:04:24PM +0200, Anders Norrbring wrote:
Take a peek at the top of the page http://en.opensuse.org/Making_a_DVD_from_CDs
That won't work for RC3 houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Sun, Apr 30, 2006 at 04:58:28PM -0400, Tom Horsley wrote:
Speaking as a makeSUSEdvd user, I can state positively that I have no keyids, don't know keyids from nuthin, and just want to make a dadgum dvd to install from. It starts asking for keyids I'm gonna throw up my hands and just install from the 5 CDs (as painful and inconvenient as that is).
First I need to get a working version. Later the fact that people do or do not have a keyid and how to solve that will be looked at. One step at a time, plese. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Sun, Apr 30, 2006 at 10:50:14PM +0200, Marcus Meissner wrote:
In general,
you should allow the user to specify the keyid, since you usually use one all the time.
That can indeed be added at a later stage, just like a test if there is a secret key available or not. Together with instructions on what to do. I now have the following below and I still get the same error: No catalog found at 'cd:///?devices%3d%2dfev%2fhdbd'. ---> LOCAL_KEY=`gpg --list-secret-keys|grep "^sec"|sed -e 's/.*\///;s/ .*//g;'|head -n 1` gpg --export -a > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc rm $CD_DIR/content.asc echo "KEY SHA1 $(cd $CD_DIR && sha1sum gpg-pubkey-${LOCAL_KEY}.asc)" >> $CD_DIR/content gpg --detach-sign -u $LOCAL_KEY $CD_DIR/content gpg --export -a -u $LOCAL_KEY > $CD_DIR/content.key rm $CD_DIR/media.1/products.asc gpg --detach-sign -a $CD_DIR/media.1/products gpg --export -a -u $LOCAL_KEY > $CD_DIR/media.1/products.key <--- houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
So according to the above, I have done: 1) create a GPG key 2) adapted the "packages" file the latest create_package_descr 3) signed content 4) created /content.key
As long as I do not know if I am doing things correctly, I can't put anything in bugzilla. :-(
You must recreate the SHA1sums in the /content file to match the changed files (MD5SUMS and packages for instance) and sign it afterwards. Also all meta file needs to be listed there, see CD1/content Ciao, Marcus
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-05-02 at 10:45 +0200, Marcus Meissner wrote:
You must recreate the SHA1sums in the /content file to match the changed files (MD5SUMS and packages for instance) and sign it afterwards.
Also all meta file needs to be listed there, see CD1/content
Er... what would be the solution for people that, like me, already updated from RC2 to RC3 using the dvd? I get this error: File content is signed with the following GnuPG key, but the integrity check failed: ID: A84EDAE89C800ACA Fingerprint: 79C1 79B2 E1C8 20C1 890F 9994 A84E DAE8 9C80 0ACA Name: SuSE package Signing Key <build@suse.de> This means that the file has been changed by accident or by an attacker since the repository creator signed it. Using it is a big risk for the integrity ans security of your system. Use it anyway? which I have got to tell it to ignore several times. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEVyvstTMYHG2NR9URAiPuAJ9mjaJcIGd52yr2ic6k4IZv/Q5h2wCfeA89 UwGwowiUlmGVG2anfS1Y4cM= =cRKV -----END PGP SIGNATURE-----
On Tue, May 02, 2006 at 11:52:43AM +0200, Carlos E. R. wrote:
The Tuesday 2006-05-02 at 10:45 +0200, Marcus Meissner wrote:
You must recreate the SHA1sums in the /content file to match the changed files (MD5SUMS and packages for instance) and sign it afterwards.
Also all meta file needs to be listed there, see CD1/content
Er... what would be the solution for people that, like me, already updated from RC2 to RC3 using the dvd?
You were lucky then I think :)
I get this error:
File content is signed with the following GnuPG key, but the integrity check failed:
ID: A84EDAE89C800ACA Fingerprint: 79C1 79B2 E1C8 20C1 890F 9994 A84E DAE8 9C80 0ACA Name: SuSE package Signing Key <build@suse.de>
This means that the file has been changed by accident or by an attacker since the repository creator signed it. Using it is a big risk for the integrity ans security of your system.
Use it anyway?
which I have got to tell it to ignore several times.
Strange, this key should have been imported by default. Ciao, Marcus
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-05-02 at 11:53 +0200, Marcus Meissner wrote:
Er... what would be the solution for people that, like me, already updated from RC2 to RC3 using the dvd?
You were lucky then I think :)
Probably... I was convincing, I guess O:-) ...
Strange, this key should have been imported by default.
I suppose so, but I don't even know which rpm is faulty. Not clear. All? The signature itself not imported? It should be there from RC2, even if RC3 was broken. later on the update I had another problem, dunno if related: Dependency conflict patch zypp-1285-0.noarch [20060429-201531] can not be installed due to a missing... (out of screen, couldn't see the rest) there are no providers of zmd==7.0.1.0-12 for patch zypp (and the install enters a loop) I have seen other people with the same problem. /var/log/YaST2/badlist: 2 packages failed patch:zypp-1285-0.noarch[20060429-201531] cannot be installed due to missing dependencies patch:zypp-1285-0.noarch[http://gd.tuwien.ac.at/linux/suse.com/suse/update/10.1/] cannot be installed due to missing dependencies - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEVy3wtTMYHG2NR9URAifHAJwPQaJUgqXXVMU8ZpcO1JWGTnmioQCeKwCI AFcDkvdaYP3qJWiuRGfl4L0= =z+9N -----END PGP SIGNATURE-----
Hello, Am Dienstag, 2. Mai 2006 11:53 schrieb Marcus Meissner:
On Tue, May 02, 2006 at 11:52:43AM +0200, Carlos E. R. wrote: [...]
Er... what would be the solution for people that, like me, already updated from RC2 to RC3 using the dvd?
You were lucky then I think :)
I get this error:
File content is signed with the following GnuPG key, but the integrity check failed: [...] Strange, this key should have been imported by default.
Marcus, read the whole story again ;-) Carlos wrote he updated to RC3 using the _DVD_ Houghi's script changed the "content" file as before, but did not touch the signature file (it simply didn't know it yet). Therefore the broken signature is "normal" IMHO ;-) Regards, Christian Boltz PS @ random sig: another variant of security ;-) -- "Error Message: Your Password Must Be at Least 18770 Characters and Cannot Repeat Any of Your Previous 30689 Passwords (Q276304)" http://support.microsoft.com/default.aspx?scid=kb;EN-US;q276304
On Tue, May 02, 2006 at 12:58:48PM +0200, Christian Boltz wrote:
Houghi's script changed the "content" file as before, but did not touch the signature file (it simply didn't know it yet).
Therefore the broken signature is "normal" IMHO ;-)
Yes. Although I believe I am still doing something wrong. I placed a temporary file as http://houghi.org/script/makeSUSEdvd You need http://houghi.org/script/create_package_descr which is the version that comes with 10.1RC3 Look for #SIGN_CONTENT in the script.
PS @ random sig: another variant of security ;-)
ROTFL. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Tue, May 02, 2006 at 01:12:37PM +0200, houghi wrote:
On Tue, May 02, 2006 at 12:58:48PM +0200, Christian Boltz wrote:
Houghi's script changed the "content" file as before, but did not touch the signature file (it simply didn't know it yet).
Therefore the broken signature is "normal" IMHO ;-)
Yes. Although I believe I am still doing something wrong. I placed a temporary file as http://houghi.org/script/makeSUSEdvd You need http://houghi.org/script/create_package_descr which is the version that comes with 10.1RC3
Look for #SIGN_CONTENT in the script.
Just to clarify. You can run the script with only CD1. There is no need to have multiple CD's. It also makes it easier to compare between the old and the new ISO. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Tue, May 02, 2006 at 01:12:37PM +0200, houghi wrote:
On Tue, May 02, 2006 at 12:58:48PM +0200, Christian Boltz wrote:
Houghi's script changed the "content" file as before, but did not touch the signature file (it simply didn't know it yet).
Therefore the broken signature is "normal" IMHO ;-)
Yes. Although I believe I am still doing something wrong. I placed a temporary file as http://houghi.org/script/makeSUSEdvd You need http://houghi.org/script/create_package_descr which is the version that comes with 10.1RC3
Look for #SIGN_CONTENT in the script.
Instead of: gpg --export -a > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc use gpg --export -a $LOCAL_KEY > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc Are content.asc files generated? To the detach signs add a || echo "*** SIGNING FAILED! ****" gpg --detach-sign -u $LOCAL_KEY $CD_DIR/content || echo "**** SIGNING FAILED!" Ciao, Marcus
On Tue, May 02, 2006 at 01:52:31PM +0200, Marcus Meissner wrote:
Instead of: gpg --export -a > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc use gpg --export -a $LOCAL_KEY > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc
I don't see a difference in output, but I asume it could be different when you have more then one key.
Are content.asc files generated?
files? I asume you you mean file. I only see $CD_DIR/content.asc
To the detach signs add a || echo "*** SIGNING FAILED! ****" gpg --detach-sign -u $LOCAL_KEY $CD_DIR/content || echo "**** SIGNING FAILED!"
It is first removed and later is available, so yes it is generated. However adding the error should not be an issue Still the same error. :-/ houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Tue, May 02, 2006 at 02:09:55PM +0200, houghi wrote:
Still the same error. :-/
With each posting in this thread, I will update http://houghi.org/script/makeSUSEdvd like now. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Tue, May 02, 2006 at 02:20:32PM +0200, houghi wrote:
On Tue, May 02, 2006 at 02:09:55PM +0200, houghi wrote:
Still the same error. :-/
With each posting in this thread, I will update http://houghi.org/script/makeSUSEdvd like now.
Kann you do: gpg --list-key -v 70660424 And check if it is correctly self signed? If not, please do gpg --sign-key 70660424 Ciao, Marcus
On Tue, May 02, 2006 at 11:21:26PM +0200, Marcus Meissner wrote:
On Tue, May 02, 2006 at 02:20:32PM +0200, houghi wrote:
On Tue, May 02, 2006 at 02:09:55PM +0200, houghi wrote:
Still the same error. :-/
With each posting in this thread, I will update http://houghi.org/script/makeSUSEdvd like now.
Kann you do:
gpg --list-key -v 70660424
And check if it is correctly self signed? If not, please do gpg --sign-key 70660424
I see nothing wrong with it. houghi@penne : gpg --list-key -v 70660424 gpg: using classic trust model pub 2048R/70660424 2006-04-30 uid houghi (makeSUSEdvd) <makesusedvd@houghi.org> The second gives me: houghi@penne : gpg --sign-key 70660424 pub 2048R/70660424 created: 2006-04-30 expires: never usage: CS trust: ultimate validity: ultimate [ultimate] (1). houghi (makeSUSEdvd) <makesusedvd@houghi.org> "houghi (makeSUSEdvd) <makesusedvd@houghi.org>" was already signed by key 70660424 Nothing to sign with key 70660424 houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Tue, May 02, 2006 at 02:09:55PM +0200, houghi wrote:
On Tue, May 02, 2006 at 01:52:31PM +0200, Marcus Meissner wrote:
Instead of: gpg --export -a > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc use gpg --export -a $LOCAL_KEY > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc
I don't see a difference in output, but I asume it could be different when you have more then one key.
Yes. You would allow _all_ public keys in the keyring to be trusted ;)
Are content.asc files generated? files? I asume you you mean file. I only see $CD_DIR/content.asc
Then it is created.
To the detach signs add a || echo "*** SIGNING FAILED! ****" gpg --detach-sign -u $LOCAL_KEY $CD_DIR/content || echo "**** SIGNING FAILED!"
It is first removed and later is available, so yes it is generated. However adding the error should not be an issue
Still the same error. :-/
Can you attach y2log files to the bugzilla report that is open? Ciao, Marcus
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-05-02 at 14:28 +0200, Marcus Meissner wrote:
Can you attach y2log files to the bugzilla report that is open?
If you want, I have saved the logs of my install session with the DVD, the broken one that did finish update from RC2 to RC3. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEV6cTtTMYHG2NR9URAgO3AJ48mMAUu6yfD97BTeJYpqJANpt6tACfbG8I 5eO7cNtLMC+EfH+iaSm01t8= =5Cdv -----END PGP SIGNATURE-----
On Tue, May 02, 2006 at 02:28:11PM +0200, Marcus Meissner wrote:
On Tue, May 02, 2006 at 02:09:55PM +0200, houghi wrote:
On Tue, May 02, 2006 at 01:52:31PM +0200, Marcus Meissner wrote:
Instead of: gpg --export -a > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc use gpg --export -a $LOCAL_KEY > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc
I don't see a difference in output, but I asume it could be different when you have more then one key.
Yes. You would allow _all_ public keys in the keyring to be trusted ;)
All as in "more then one" will be for fase two. At this moment I only have one key. :-)
Are content.asc files generated? files? I asume you you mean file. I only see $CD_DIR/content.asc
Then it is created.
Wel, after a small change it is.
To the detach signs add a || echo "*** SIGNING FAILED! ****" gpg --detach-sign -u $LOCAL_KEY $CD_DIR/content || echo "**** SIGNING FAILED!"
gpg --detach-sign -u $LOCAL_KEY -a $CD_DIR/content That is the line now (notice the -a) Still the same error
Can you attach y2log files to the bugzilla report that is open?
Will do after another testrun makeSUSEdvd on houghi.org is again updated. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Tue, May 02, 2006 at 08:41:01PM +0200, houghi wrote:
Can you attach y2log files to the bugzilla report that is open?
Will do after another testrun makeSUSEdvd on houghi.org is again updated.
Done https://bugzilla.novell.com/attachment.cgi?id=81360&action=view houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Tue, May 02, 2006 at 09:06:36PM +0200, houghi wrote:
On Tue, May 02, 2006 at 08:41:01PM +0200, houghi wrote:
Can you attach y2log files to the bugzilla report that is open?
Will do after another testrun makeSUSEdvd on houghi.org is again updated.
Done https://bugzilla.novell.com/attachment.cgi?id=81360&action=view
Due to all the fuzz, I noticed something else. When I use the is made with makeSUSEdvd, I do not get a 'Media Check' before the Licence agreement. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
Hallo Leute, Am Mittwoch, 3. Mai 2006 03:58 schrieb houghi:
On Tue, May 02, 2006 at 09:06:36PM +0200, houghi wrote:
On Tue, May 02, 2006 at 08:41:01PM +0200, houghi wrote:
Can you attach y2log files to the bugzilla report that is open?
Will do after another testrun makeSUSEdvd on houghi.org is again updated.
Done https://bugzilla.novell.com/attachment.cgi?id=81360&action=view
Due to all the fuzz, I noticed something else. When I use the is made with makeSUSEdvd, I do not get a 'Media Check' before the Licence agreement.
Maybe this is because your media doesn't contain a checksum? (This is a wild guess - I didn't check your script and also don't know if YaST behaves this way.) /usr/share/doc/packages/checkmedia/README explains how the check works and how to add the checksum - maybe this is a nice feature for your script, too ;-) Regards, Christian Boltz -- [vordefinierte Perlvariablen $_, $>, $[ usw.]
Steht eigentlich in $§ die Lizenz? ;-))) $ perl -we 'print $§' Use of uninitialized value in print at -e line 1. [> Christian Boltz und David Haller in fontlinge-devel]
On Wed, May 03, 2006 at 02:51:01PM +0200, Christian Boltz wrote:
Maybe this is because your media doesn't contain a checksum? (This is a wild guess - I didn't check your script and also don't know if YaST behaves this way.)
No, it does not.
/usr/share/doc/packages/checkmedia/README explains how the check works and how to add the checksum - maybe this is a nice feature for your script, too ;-)
OK, I did `tagmedia --check --md5 SUSE-10.1-0-DVD.iso` and now indeed I get the Media check. I then get that the md5sum is wrong. Here is the results: houghi@penne : tagmedia --check --md5 SUSE-10.1-0-DVD.iso md5sum=6ede35754ec647ec45bb9c386fc05792 check=1 <snip a lot from y2log> 2006-05-03 13:47:22 <1> linux(2393) [YCP] clients/inst_checkmedia.ycp:73 Parsed application area: $["check":"1", "md5sum":"6ede35754ec647ec45bb9c386fc05792"] <snip a LOT from y2log> 2006-05-03 13:48:26 <1> linux(2393) [YCP] checkmedia/ui.ycp:110 Expected MD5 of the medium: e1e90689c1c4908dd7c27695520c9ab9 2006-05-03 13:48:26 <1> linux(2393) [YCP] checkmedia/ui.ycp:126 Translated info: ["Result: md5sum wrong"] Why does YaST think that the MD5SUM must be e1...b9 while tagmedia makes it 6e...92 ? Also will this have any influence on the checks later? I doubt so, but one can never be too sure So next I removed the md5sum and did: tagmedia --add-tag \ md5sum=e1e90689c1c4908dd7c27695520c9ab9 SUSE-10.1-0-DVD.iso It then is looking for another MD5SUM So what is the exact command that I need to run and does it have influence on all the signing problems? houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2006-05-03 at 18:08 +0200, houghi wrote:
/usr/share/doc/packages/checkmedia/README explains how the check works and how to add the checksum - maybe this is a nice feature for your script, too ;-)
OK, I did `tagmedia --check --md5 SUSE-10.1-0-DVD.iso` and now indeed I get the Media check. I then get that the md5sum is wrong.
IMO, checking the media for a dvd generated and burnt locally, and probably checked by k3b or equivalent, is probably a waste of time. If we downloaded the dvd iso, then it makes sense. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEWS+5tTMYHG2NR9URAipKAJ96CMOfla/rFAmvZNnF2xhD260HjACfRO6L n6MFulfIA1b+DCsNguD4XMQ= =kw1J -----END PGP SIGNATURE-----
On Thu, May 04, 2006 at 12:33:27AM +0200, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Wednesday 2006-05-03 at 18:08 +0200, houghi wrote:
/usr/share/doc/packages/checkmedia/README explains how the check works and how to add the checksum - maybe this is a nice feature for your script, too ;-)
OK, I did `tagmedia --check --md5 SUSE-10.1-0-DVD.iso` and now indeed I get the Media check. I then get that the md5sum is wrong.
IMO, checking the media for a dvd generated and burnt locally, and probably checked by k3b or equivalent, is probably a waste of time. If we downloaded the dvd iso, then it makes sense.
I generaly don't do it. However it could be that somebody makes his own CD or DVD (e.g. slick) and distributes the iso. If it is then workes, it is a nice extra. I will start a new thread about it, as I don't think it is related to this. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2006-05-04 at 01:04 +0200, houghi wrote:
I generaly don't do it. However it could be that somebody makes his own CD or DVD (e.g. slick) and distributes the iso. If it is then workes, it is a nice extra.
Yes, that's true. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEWTuwtTMYHG2NR9URAmI6AJ9HMwmeJ6ZHYHjYA69gRK5urtSUdgCbBYNT aVTffb6gpZXO1mIq5MDNZV0= =0P4f -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-05-02 at 12:58 +0200, Christian Boltz wrote:
Strange, this key should have been imported by default.
Marcus, read the whole story again ;-)
Carlos wrote he updated to RC3 using the _DVD_
Houghi's script changed the "content" file as before, but did not touch the signature file (it simply didn't know it yet).
Therefore the broken signature is "normal" IMHO ;-)
Ok, whatever. But my question remains valid. I did manage to update from RC2 to RC3 with that broken DVD, and I get that "integrity check failed" error on every pass of YOU. How do I solve that problem in the already installed RC3 system? Format and reinstall? This is Linux, formatting is unthinkable! - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEV6lJtTMYHG2NR9URArFjAJ9bWWxGpn0MKEQhClqMpz7kaB3isQCeOatS FAFDdDspCNEvqQn+iqIhoD8= =/m1x -----END PGP SIGNATURE-----
On Tue, May 02, 2006 at 08:47:34PM +0200, Carlos E. R. wrote:
How do I solve that problem in the already installed RC3 system? Format and reinstall? This is Linux, formatting is unthinkable!
This is an unfinsihed product. Formatting is to be expected. ;-) Complain to the maker of makeSUSEdvd (me) that his script did not perform as expected. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-05-02 at 20:52 +0200, houghi wrote:
On Tue, May 02, 2006 at 08:47:34PM +0200, Carlos E. R. wrote:
How do I solve that problem in the already installed RC3 system? Format and reinstall? This is Linux, formatting is unthinkable!
This is an unfinsihed product. Formatting is to be expected. ;-)
Ha! :-P
Complain to the maker of makeSUSEdvd (me) that his script did not perform as expected.
Ok, I know now that script was (is?) broken. How can the installed system be repaired? What is needed? I mean, is it a single rpm that is affected? It could be replaced from other source. If it is an rpm with a bad signature, it is a question of reinstalling a good one, and done. Is it and index file, pointing to the dvd something? It can then be replaced by another pointing to the CDs. Can I now tell the system to use the CD as install source instead of the DVD? Perhaps deletting or reinstalling whatever file or rpm was broken would work, no? But I have no idea at all what files to replace. The thing is, although I consider myself an expert, I know very little about this version. I can not solve this on my own. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEV7bOtTMYHG2NR9URAvSuAJ0QC1X4T13AyyyhOMCW/nr9PyPz+wCbBzNl sc48pArY/vqsIcA1pzrHdDE= =cznc -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-05-02 at 21:45 +0200, Carlos E. R. wrote:
The Tuesday 2006-05-02 at 20:52 +0200, houghi wrote:
On Tue, May 02, 2006 at 08:47:34PM +0200, Carlos E. R. wrote:
How do I solve that problem in the already installed RC3 system? Format and reinstall? This is Linux, formatting is unthinkable!
This is an unfinsihed product. Formatting is to be expected. ;-)
Ha! :-P
I solved it, without formatting O:-) :-P I removed the DVD installation source in yast, then added another one pointing to the ISO images of the CD on the HD, and it worked, it stopped complaining about the bad signature. By the way, in order to change anything in Yast about the installation sources, it has be done one by one: remove the CD source, click "finish". Enter again, add another source, exit by clicking "finish". It can be worse, on RC1 I had to exit Yast completely to make changes stick. Another thing: entering the "change installation sources", and exiting it, is terribly slow, like half an hour, some times more. It appears to be downloading a large file from one or several external sources (which I discovered usin iptraf), but it doesn't offer any feedback, just an hourglass under the mouse icon. Maybe you guys use supercomputers with business grade networks, but most people will not be so lucky and will be tempted to kill Yast. In fact, I did so after what seemed 40 minutes waiting. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEWS6ftTMYHG2NR9URAlZxAJsF4S7g+rm7fo7skG+P3HKD3SBeFACfdVWk G62UIIAJKg5S8dxrjaX4yzU= =u3ir -----END PGP SIGNATURE-----
On Thursday 04 May 2006 01:28, Carlos E. R. wrote:
Another thing: entering the "change installation sources", and exiting it, is terribly slow, like half an hour, some times more. It appears to be downloading a large file from one or several external sources (which I discovered usin iptraf), but it doesn't offer any feedback, just an hourglass under the mouse icon.
It's the same (slow) without an internet connection as well. Maybe it waits for something and timeouts after a while. And probably it is related to bug #166287. Andras -- Quanta Plus developer - http://quanta.kdewebdev.org K Desktop Environment - http://www.kde.org
On Tue, May 02, 2006 at 10:45:34AM +0200, Marcus Meissner wrote:
So according to the above, I have done: 1) create a GPG key 2) adapted the "packages" file the latest create_package_descr 3) signed content 4) created /content.key
As long as I do not know if I am doing things correctly, I can't put anything in bugzilla. :-(
You must recreate the SHA1sums in the /content file to match the changed files (MD5SUMS and packages for instance) and sign it afterwards.
For META SHA1 ... these are al files in CD$/suse/setup/descr/ For KEY SHA1 ... these are the keys in CD$/ At least that is what I see.
Also all meta file needs to be listed there, see CD1/content
Not sure what the difference is whith what you mean above. I still get the same error. I now have: #Remove keys in content grep -v ^META $CD_DIR/content > $CD_DIR/content.bak mv $CD_DIR/content.bak $CD_DIR/content grep -v ^KEY $CD_DIR/content > $CD_DIR/content.bak mv $CD_DIR/content.bak $CD_DIR/content #Set the key LOCAL_KEY=`gpg --list-secret-keys|grep "^sec"|sed -e 's/.*\///;s/.*//g;'|head -n 1` gpg --export -a > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc # Sign files in /suse/setup/descr/ for FILE in `ls $CD_DIR/suse/setup/descr/` do echo "META SHA1 $(cd $CD_DIR/suse/setup/descr/ && sha1sum ${FILE})" >> $CD_DIR/content done #Sign *.asc files for FILE in `ls $CD_DIR|grep ^gpg-pubkey*` do echo "KEY SHA1 $(cd $CD_DIR && sha1sum ${FILE})">> $CD_DIR/content done rm $CD_DIR/content.asc # echo "KEY SHA1 $(cd $CD_DIR && sha1sum gpg-pubkey-${LOCAL_KEY}.asc)" >> $CD_DIR/content gpg --detach-sign -u $LOCAL_KEY $CD_DIR/content gpg --export -a -u $LOCAL_KEY > $CD_DIR/content.key rm $CD_DIR/media.1/products.asc gpg --detach-sign -a $CD_DIR/media.1/products gpg --export -a -u $LOCAL_KEY > $CD_DIR/media.1/products.key houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
Am Dienstag, 2. Mai 2006 12:43 schrieb houghi:
I still get the same error. I now have: #Remove keys in content grep -v ^META $CD_DIR/content > $CD_DIR/content.bak mv $CD_DIR/content.bak $CD_DIR/content grep -v ^KEY $CD_DIR/content > $CD_DIR/content.bak mv $CD_DIR/content.bak $CD_DIR/content
Does all content have to be signed by the same key? If not, why do you resign also files, which content did not change (e.g. selection files)?
#Set the key LOCAL_KEY=`gpg --list-secret-keys|grep "^sec"|sed -e 's/.*\///;s/.*//g;'|head -n 1` gpg --export -a > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc
This gives a file like gpg-pubkey-6344CBC1.asc But on the CDs the keys look like this: gpg-pubkey-9c800aca-40d8063e.asc
# Sign files in /suse/setup/descr/ for FILE in `ls $CD_DIR/suse/setup/descr/` do echo "META SHA1 $(cd $CD_DIR/suse/setup/descr/ && sha1sum ${FILE})" >> $CD_DIR/content done #Sign *.asc files for FILE in `ls $CD_DIR|grep ^gpg-pubkey*` do echo "KEY SHA1 $(cd $CD_DIR && sha1sum ${FILE})">> $CD_DIR/content done
Here the same question: is it neccessary to resign all the files? Or would it be enough to sign only the files makeSuSEdvd changed? Btw: gpg --detach-sign -u $LOCAL_KEY -a $CD_DIR/media.1/products creates products.sig not products.asc on my SL 9.3 -- Mit freundlichen Grüßen, Marcel Hilzinger Linux New Media AG Süskindstr. 4 D-81929 München Tel: +49 (89) 99 34 11 0 Fax: +49 (89) 99 34 11 99
On Fri, May 05, 2006 at 11:51:19PM +0200, Marcel Hilzinger wrote:
Am Dienstag, 2. Mai 2006 12:43 schrieb houghi:
I still get the same error. I now have: #Remove keys in content grep -v ^META $CD_DIR/content > $CD_DIR/content.bak mv $CD_DIR/content.bak $CD_DIR/content grep -v ^KEY $CD_DIR/content > $CD_DIR/content.bak mv $CD_DIR/content.bak $CD_DIR/content
Does all content have to be signed by the same key? If not, why do you resign also files, which content did not change (e.g. selection files)?
Mainly lazyness. Otherwise I would also have to check wich files are changed and wich ones are not, making it more complicating then needed, I think. For me it is easier to just sign all, instead of just some and some not. The reason that I rather do all is that way I won't forget anything. :-)
#Set the key LOCAL_KEY=`gpg --list-secret-keys|grep "^sec"|sed -e 's/.*\///;s/.*//g;'|head -n 1` gpg --export -a > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc
This gives a file like gpg-pubkey-6344CBC1.asc But on the CDs the keys look like this:
gpg-pubkey-9c800aca-40d8063e.asc
I know. No idea wether this is relevant. How do I get a key as above?
# Sign files in /suse/setup/descr/ for FILE in `ls $CD_DIR/suse/setup/descr/` do echo "META SHA1 $(cd $CD_DIR/suse/setup/descr/ && sha1sum ${FILE})" >> $CD_DIR/content done #Sign *.asc files for FILE in `ls $CD_DIR|grep ^gpg-pubkey*` do echo "KEY SHA1 $(cd $CD_DIR && sha1sum ${FILE})">> $CD_DIR/content done
Here the same question: is it neccessary to resign all the files? Or would it be enough to sign only the files makeSuSEdvd changed?
Same answer. You might gain time, but loose simplicity. (Unless there is a reason that it won't work otherwise)
Btw: gpg --detach-sign -u $LOCAL_KEY -a $CD_DIR/media.1/products
creates products.sig not products.asc on my SL 9.3
Without the -a it does. With the -a it makes a products.asc houghi@penne : touch test houghi@penne : l test* -rw------- 1 houghi users 6523 2006-04-30 20:13 test houghi@penne : gpg --detach-sign -u 70660424 test houghi@penne : l test* -rw------- 1 houghi users 6523 2006-04-30 20:13 test -rw-r--r-- 1 houghi users 280 2006-05-06 00:10 test.sig houghi@penne : gpg --detach-sign -u 70660424 -a test houghi@penne : l test* -rw------- 1 houghi users 6523 2006-04-30 20:13 test -rw-r--r-- 1 houghi users 481 2006-05-06 00:11 test.asc -rw-r--r-- 1 houghi users 280 2006-05-06 00:10 test.sig Or at least that is how it should be. I don't have a 9.3 installed, so I can't verify. Anybody else? houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Fri, May 05, 2006 at 11:51:19PM +0200, Marcel Hilzinger wrote:
Am Dienstag, 2. Mai 2006 12:43 schrieb houghi:
I still get the same error. I now have: #Remove keys in content grep -v ^META $CD_DIR/content > $CD_DIR/content.bak mv $CD_DIR/content.bak $CD_DIR/content grep -v ^KEY $CD_DIR/content > $CD_DIR/content.bak mv $CD_DIR/content.bak $CD_DIR/content
Does all content have to be signed by the same key? If not, why do you resign also files, which content did not change (e.g. selection files)?
Resigning of files that did not change is not necessary.
LOCAL_KEY=`gpg --list-secret-keys|grep "^sec"|sed -e 's/.*\///;s/.*//g;'|head -n 1` gpg --export -a > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc
This gives a file like gpg-pubkey-6344CBC1.asc But on the CDs the keys look like this:
gpg-pubkey-9c800aca-40d8063e.asc
This should not be problematic, as long as it is listed in the /content file.
$CD_DIR/content done Here the same question: is it neccessary to resign all the files? Or would it be enough to sign only the files makeSuSEdvd changed?
Btw: gpg --detach-sign -u $LOCAL_KEY -a $CD_DIR/media.1/products
creates products.sig not products.asc on my SL 9.3
Perhaps move the -a before the -u ? Ciao, Marcus
On Sat, May 06, 2006 at 10:47:39AM +0200, Marcus Meissner wrote:
Resigning of files that did not change is not necessary.
No, but it is easier then looking wich ones were changed and wich ones were not and perhaps missing one.
gpg --detach-sign -u $LOCAL_KEY -a $CD_DIR/media.1/products
creates products.sig not products.asc on my SL 9.3
Perhaps move the -a before the -u ?
Would that make a difference on older versions? Can somebody do the following: touch test gpg --list-secret-keys|grep "^sec"|sed -e 's/.*\///;s/ .*//g;'|head -n 1 and then (if 70660424 is the answer from above) gpg --detach-sign -a -u 70660424 test and then gpg --detach-sign -u 70660424 -a test and see if the result is different? houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
I have identified and fixed the problem. The key needs to be added to the initial ramdisk of the CDD/DVD, so some extra magic is necessary. I have attached the patch to make it work, apply with patch makeSUSEdvd < msd.pat Ciao, Marcus
Am Montag, 8. Mai 2006 16:31 schrieb Marcus Meissner:
I have identified and fixed the problem.
The key needs to be added to the initial ramdisk of the CDD/DVD, so some extra magic is necessary.
I have attached the patch to make it work, apply with patch makeSUSEdvd < msd.pat
I tried the patched script, but it still says No catalogue under 'cd:///?devices%3d%2fdev%2fhdc' ERROR: No proposal -- Mit freundlichen Grüßen, Marcel Hilzinger Linux New Media AG Süskindstr. 4 D-81929 München Tel: +49 (89) 99 34 11 0 Fax: +49 (89) 99 34 11 99
On Mon, May 08, 2006 at 04:31:13PM +0200, Marcus Meissner wrote:
I have identified and fixed the problem.
The key needs to be added to the initial ramdisk of the CDD/DVD, so some extra magic is necessary.
I have attached the patch to make it work, apply with patch makeSUSEdvd < msd.pat
Ciao, Marcus
Does not work for me. Well, the patching does, but not the result. <snip>
+ PUT_KEY_IN_INITRD #Remove keys in content grep -v ^META $CD_DIR/content > $CD_DIR/content.bak mv $CD_DIR/content.bak $CD_DIR/content
I have brought "PUT_KEY_IN_INITRD" down a few lines. "PUT_KEY_IN_INITRD" uses the variable $LOCAL_KEY, so it might be better to use it after $LOCAL_KEY is calculated. That at least does not give an error. What I do get is: Initrd is /tmp/CD_DIR/boot/i386/loader/initrd /tmp/CD_DIR/tmpinitrd /tmp/CD_DIR cpio: dev/null: Operation not permitted cpio: dev/ram0: Operation not permitted cpio: dev/tty1: Operation not permitted cpio: dev/zero: Operation not permitted cpio: dev/console: Operation not permitted cpio: lib/udev/devices/md0: Operation not permitted cpio: lib/udev/devices/md1: Operation not permitted <snip> cpio: lib/udev/devices/fwmonitor: Operation not permitted 38584 blocks 38582 blocks /tmp/CD_DIR This during the runnung of makeSUSEdvd houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Mon, May 08, 2006 at 06:25:00PM +0200, houghi wrote:
On Mon, May 08, 2006 at 04:31:13PM +0200, Marcus Meissner wrote:
I have identified and fixed the problem.
The key needs to be added to the initial ramdisk of the CDD/DVD, so some extra magic is necessary.
I have attached the patch to make it work, apply with patch makeSUSEdvd < msd.pat
Ciao, Marcus
Does not work for me. Well, the patching does, but not the result.
<snip>
+ PUT_KEY_IN_INITRD #Remove keys in content grep -v ^META $CD_DIR/content > $CD_DIR/content.bak mv $CD_DIR/content.bak $CD_DIR/content
I have brought "PUT_KEY_IN_INITRD" down a few lines. "PUT_KEY_IN_INITRD" uses the variable $LOCAL_KEY, so it might be better to use it after $LOCAL_KEY is calculated.
Yes, I had a "LOCAL_KEY=0x...." at the beginning of the script.
That at least does not give an error. What I do get is: Initrd is /tmp/CD_DIR/boot/i386/loader/initrd /tmp/CD_DIR/tmpinitrd /tmp/CD_DIR cpio: dev/null: Operation not permitted cpio: dev/ram0: Operation not permitted cpio: dev/tty1: Operation not permitted cpio: dev/zero: Operation not permitted cpio: dev/console: Operation not permitted cpio: lib/udev/devices/md0: Operation not permitted cpio: lib/udev/devices/md1: Operation not permitted <snip> cpio: lib/udev/devices/fwmonitor: Operation not permitted 38584 blocks 38582 blocks /tmp/CD_DIR
This during the runnung of makeSUSEdvd
Hmm. This needs root access I am afraid. Is this a problem? (The two cpios need it, the rest likely does not.) Ciao, Marcus
Actually this is the full diff which was working for me: Note that I just moved the keyid with which to sign to a toplevel define. Ciao, Marcus --- /suse/meissner/makeSUSEdvd 2006-05-08 16:29:25.000000000 +0200 +++ /root/makeSUSEdvd 2006-05-08 15:52:44.000000000 +0200 @@ -22,12 +22,14 @@ # below to a partition with enough space HERE=$PWD -CD_DIR="/tmp/CD_DIR" -# CD_DIR="$HERE/CD_DIR" # Use this if you want to have the +#CD_DIR="/tmp/CD_DIR" +CD_DIR="$HERE/CD_DIR" # Use this if you want to have the # subdirectories in the same directory as # the ISOs #DVD_DIR="/tmp/DVD_DIR" - LOCAL_KEY=$(gpg --fingerprint | grep ^pub | awk '{print $2}' | cut -d"/" -f2) + +LOCAL_KEY=0x08AD8FC5 + DVD_DIR="$HERE/DVD_DIR" # Use this if you want to have the # subdirectories in the same directory as # the ISOs @@ -500,7 +502,6 @@ mv $CD_DIR/content.bak $CD_DIR/content #Set the key - LOCAL_KEY=`gpg --list-secret-keys|grep "^sec"|sed -e 's/.*\///;s/ .*//g;'|head -n 1` gpg --export -a $LOCAL_KEY > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc # Sign files in /suse/setup/descr/
Where can I find the latest version of makeSUSEdvd? SourceForge has version 0.29 (2005-11-19)... /Jan K.
On Tue, May 09, 2006 at 06:23:02AM +0200, Jan Karjalainen wrote:
Where can I find the latest version of makeSUSEdvd? SourceForge has version 0.29 (2005-11-19)...
0.29 is the latest version. On SF I just edit the version number, upload the new files and delete the old ones. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Mon, May 08, 2006 at 06:27:16PM +0200, Marcus Meissner wrote:
I have brought "PUT_KEY_IN_INITRD" down a few lines. "PUT_KEY_IN_INITRD" uses the variable $LOCAL_KEY, so it might be better to use it after $LOCAL_KEY is calculated.
Yes, I had a "LOCAL_KEY=0x...." at the beginning of the script.
Here lies already part of the solution. My key would be 08AD8FC5 and not 0x08AD8FC5. So I added the following line right after LOCAL_KEY=`gpg ... LOCAL_KEY=0x${LOCAL_KEY} I now get the following error: Cannot solve dependencies automatically. Manual intevention is required. * Standard System with GNOME (47.3 MB total) I am then able to select the software. YEAH! And get into dependecy hell. BOO!. ¹
Hmm. This needs root access I am afraid. Is this a problem? (The two cpios need it, the rest likely does not.)
It should not be a problem, as it needs root already for the iso mounting. I will look to move it more to the beginning, so that on slower machines there is no need to enter the rootpassword a second time due to timeout. So the problem was that the key needed 0x in front of the key. http://houghi.org/script/makeSUSEdvd is what I use now. I will do some more testing and see what happens. It looks promising, however. ¹ Most likely because I only use CD1 and not 1-3. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Mon, May 08, 2006 at 07:16:41PM +0200, houghi wrote:
On Mon, May 08, 2006 at 06:27:16PM +0200, Marcus Meissner wrote:
I have brought "PUT_KEY_IN_INITRD" down a few lines. "PUT_KEY_IN_INITRD" uses the variable $LOCAL_KEY, so it might be better to use it after $LOCAL_KEY is calculated.
Yes, I had a "LOCAL_KEY=0x...." at the beginning of the script.
Here lies already part of the solution. My key would be 08AD8FC5 and not 0x08AD8FC5. So I added the following line right after LOCAL_KEY=`gpg ... LOCAL_KEY=0x${LOCAL_KEY}
I now get the following error: Cannot solve dependencies automatically. Manual intevention is required. * Standard System with GNOME (47.3 MB total)
I am then able to select the software. YEAH! And get into dependecy hell. BOO!. ¹
Hmm. This needs root access I am afraid. Is this a problem? (The two cpios need it, the rest likely does not.)
It should not be a problem, as it needs root already for the iso mounting. I will look to move it more to the beginning, so that on slower machines there is no need to enter the rootpassword a second time due to timeout.
So the problem was that the key needed 0x in front of the key. http://houghi.org/script/makeSUSEdvd is what I use now. I will do some more testing and see what happens. It looks promising, however.
¹ Most likely because I only use CD1 and not 1-3.
I experienced the same dependency, since i also used CD1 only. But at least the original signing problem is now passed. Ciao, Marcus
On Mon, May 08, 2006 at 07:19:30PM +0200, Marcus Meissner wrote:
I experienced the same dependency, since i also used CD1 only. But at least the original signing problem is now passed.
Yes. With CD1-3 there is no error anymore. W00t! Now some more serious testing and some changing in the script. It also solved the issue of the need of running with sudo for the mounting of the iso's. That can just stay in. :-) Thanks a million times for the PUT_KEY_IN_INITRD. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2006-05-08 at 19:34 +0200, houghi wrote:
Now some more serious testing and some changing in the script. It also solved the issue of the need of running with sudo for the mounting of the iso's. That can just stay in. :-)
Let me sidestep a bit and mention an issue I noticed. When I first tried makeSUSEdvd I couldn't use it as user because it expects sudo to be configured in such a way to require the root password to run. This is not typical, and IMO, insecure. Then I looked at the default '/etc/sudoers' file of 10.1. It says: # In the default (unconfigured) configuration, sudo asks for the root password. # This allows use of an ordinary user account for administration of a freshly # installed system. When configuring sudo, delete the two # following lines: Defaults targetpw # ask for the password of the target user i.e. root ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'! That needed line for 'makeSUSEdvd' is the default during the installation and configuration phase of a system; but once in "production", those two lines are normally removed - meaning that sudoers have to use their own passwords and run only specified commands, not any random command they may want. The consequence is that on a "production" machine, 'makeSUSEdvd' can not run using sudo. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEX6VRtTMYHG2NR9URAi7dAJ0SCFkVHMYfjmR9cWzrI4M891YZTQCdHfVt d7HFfBgFUzmqe8BAffT7pXA= =D+oN -----END PGP SIGNATURE-----
On Mon, May 08, 2006 at 10:08:46PM +0200, Carlos E. R. wrote:
That needed line for 'makeSUSEdvd' is the default during the installation and configuration phase of a system; but once in "production", those two lines are normally removed - meaning that sudoers have to use their own passwords and run only specified commands, not any random command they may want. The consequence is that on a "production" machine, 'makeSUSEdvd' can not run using sudo.
Unfortunatly there is no real alternative, other then running it as root. I like to run things as little as root as possible. On the other hand, you are the first, and so far only, person who complained about this. With several thousand downloads, I would expect some people complaining. So it seems almost nobody changes the default. Due to the fact that you might need to enter you rootpassword twice, I might be willing to let it be run as root. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2006-05-08 at 22:37 +0200, houghi wrote:
Unfortunatly there is no real alternative, other then running it as root. I like to run things as little as root as possible.
I know, I know you have to do somethings in the script as root. It is not possible to enter the mounts in fstab beforehand, because the exact mount points and files are not known at that moment
On the other hand, you are the first, and so far only, person who complained about this.
I'm not complaining, I'm just mentioning a problem. It maybe because most people do not even know that SuSE configured sudo be default in a nonsecure way and didn't even look at it. The default is an "easy" default.
Due to the fact that you might need to enter you rootpassword twice, I might be willing to let it be run as root.
The other possibility would be to think what config line(s) could be set up in the sudoers file so that the script could run as "user". It might be possible. I haven't looked it up because first I would have to study the script and find out what exact commands does it need, and because it was faster for me to simply "su" and run it as root. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEX8VBtTMYHG2NR9URAli7AJ4wOiIwKWQVubgbOFcbHLGLQiFMmQCeLMqa SWVKyDnJnlaoQZmvRl5EOas= =WQ8F -----END PGP SIGNATURE-----
On Tue, May 09, 2006 at 12:24:58AM +0200, Carlos E. R. wrote:
On the other hand, you are the first, and so far only, person who complained about this.
I'm not complaining, I'm just mentioning a problem.
I do not see complaining to be something bad.
It maybe because most people do not even know that SuSE configured sudo be default in a nonsecure way and didn't even look at it. The default is an "easy" default.
I don't know if all people who run the script only run SUSE. I have heard from people running it on Debian and on Mandrake as well.
Due to the fact that you might need to enter you rootpassword twice, I might be willing to let it be run as root.
The other possibility would be to think what config line(s) could be set up in the sudoers file so that the script could run as "user". It might be possible. I haven't looked it up because first I would have to study the script and find out what exact commands does it need, and because it was faster for me to simply "su" and run it as root.
That would only complcate things. I am not going to write a script that changes sudoers in any way. You would need to run that as root, making the fact that you later can run it as user ineffective. I would like to run things as user on a standard system. There could have been a way out with the mounting. However now there is something else added, so perhaps it is now better to run it as root. That would need some rewriting, because the iso and other files must be owned by a user, I think. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-05-09 at 01:44 +0200, houghi wrote:
On the other hand, you are the first, and so far only, person who complained about this.
I'm not complaining, I'm just mentioning a problem.
I do not see complaining to be something bad.
Sorry, we have diferent cultures ;-)
It maybe because most people do not even know that SuSE configured sudo be default in a nonsecure way and didn't even look at it. The default is an "easy" default.
I don't know if all people who run the script only run SUSE. I have heard from people running it on Debian and on Mandrake as well.
Ah! Good point. Then, that default must be from the people making sudo itself, or distros copy one another ;-)
Due to the fact that you might need to enter you rootpassword twice, I might be willing to let it be run as root.
The other possibility would be to think what config line(s) could be set up in the sudoers file so that the script could run as "user". It might be possible. I haven't looked it up because first I would have to study the script and find out what exact commands does it need, and because it was faster for me to simply "su" and run it as root.
That would only complcate things. I am not going to write a script that changes sudoers in any way. You would need to run that as root, making the fact that you later can run it as user ineffective.
No, you can not change the sudoers file. The user has to request his admin, using the standard triplicate forms, to please add those changes to the sudoers file when he has time and a nice mood ;-) No, seriously, my cuestion is simple: what are the exact comands that need to be run as root? I know that "mount" is one, but more specifically, mount what? (pattern?). (Maybe not so simple).
I would like to run things as user on a standard system. There could have been a way out with the mounting. However now there is something else added, so perhaps it is now better to run it as root.
That would need some rewriting, because the iso and other files must be owned by a user, I think.
Well, I did run the script as root, so it works. Of course, the files end owned by root, and that is a complication - well, I'm the root, so then it's not a big problem :-) You could do it the other way. Be root, and "su" to some user when not needed (or drop privileges). - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEX9vTtTMYHG2NR9URAi9xAKCVyj/WpAyppMi7XrfRjFKOSQG5sQCcCP77 oSyudYQ5ckWLyyXn35gFXa8= =OVK+ -----END PGP SIGNATURE-----
On Tue, May 09, 2006 at 02:01:22AM +0200, Carlos E. R. wrote:
No, seriously, my cuestion is simple: what are the exact comands that need to be run as root? I know that "mount" is one, but more specifically, mount what? (pattern?). (Maybe not so simple).
grep sudo makeSUSEdvd mount does the following. It mounts each iso file to a specific directory. Each iso and each directory will be different from user to user and even from one time to the other. Then there is also umount, cpio, echo, rm and yast. And who knows what the future holds. :-)
Well, I did run the script as root, so it works. Of course, the files end owned by root, and that is a complication - well, I'm the root, so then it's not a big problem :-)
Either that or a `chown`. Not sure wich one I might use. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
It mounts each iso file to a specific directory.
Actually, in theory, the file-roller program can extract files from an iso image, so if you can figure out the utterly undocumented command line options for using it in non-gui mode you might be able to avoid needing to be root (for the mounts, anyway). Of course, the one time I tired to use it, strace told me it was hung in a futex system call, so I don't know how much luck you might having getting it to actually extract the files.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-05-09 at 02:52 +0200, houghi wrote:
On Tue, May 09, 2006 at 02:01:22AM +0200, Carlos E. R. wrote:
No, seriously, my cuestion is simple: what are the exact comands that need to be run as root? I know that "mount" is one, but more specifically, mount what? (pattern?). (Maybe not so simple).
grep sudo makeSUSEdvd mount does the following. It mounts each iso file to a specific directory. Each iso and each directory will be different from user to user and even from one time to the other.
Ouch. Complicated.
Then there is also umount, cpio, echo, rm and yast.
umount is similar to mount. Unless you can manage it in the same way as 'mc' does it :-? cpio as root? Curious! Unless the files belong to him :-? rm... echo as root? yast - instead a request to the user to install something (I personally prefer that). You have made quite a complex script :-)
And who knows what the future holds. :-)
True.
Well, I did run the script as root, so it works. Of course, the files end owned by root, and that is a complication - well, I'm the root, so then it's not a big problem :-)
Either that or a `chown`. Not sure wich one I might use.
Dropping privileges is safer. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEX+3gtTMYHG2NR9URAgxTAJ9r/HMaRHQCfAY8kfQLK+ddrBsE0ACfbmYW jXU26P5lyGrZtNdZaB8ZcxA= =Mcd5 -----END PGP SIGNATURE-----
On Tue, May 09, 2006 at 03:18:14AM +0200, Carlos E. R. wrote:
grep sudo makeSUSEdvd mount does the following. It mounts each iso file to a specific directory. Each iso and each directory will be different from user to user and even from one time to the other.
Ouch. Complicated.
Perhaps for sudo, but normal for the script. Just look at all the different SUSE and SLES names for each and every CD and DVD. Next the person can choose where to mount to.
Then there is also umount, cpio, echo, rm and yast.
umount is similar to mount. Unless you can manage it in the same way as 'mc' does it :-?
I was looking into doing it like mc does, but now that other thiongs need root, it becomes obsolete.
cpio as root? Curious! Unless the files belong to him :-?
PUT_KEY_IN_INITRD Without it, it does not work.
rm...
echo as root?
Yes, I use it in the beginning as a test. If you know the password you pass, if not, you don't. In the beginning of the script there was a lot that was done before the actual mounting. Best to cut it as soon as possible.
yast - instead a request to the user to install something (I personally prefer that).
Well, obviously it asks wether or not you want to run YaST. It is just a small extra to install stuff that is not available. I probably must also add a create_package_descr version checker to see that the correct version is used. Unfortuatly the people at SUSE have not put in the verson number or another easy way of finding out if -C is available. That means it will be something like: `grep do_checksums /usr/bin/create_package_descr` and then see if you get feedback or not and if not, trell that you need to install a newer version.
You have made quite a complex script :-)
Blame SUSE. They made a complex distribution. ;-)
Either that or a `chown`. Not sure wich one I might use.
Dropping privileges is safer.
So `su user` it will become. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Tue, May 09, 2006 at 03:49:19AM +0200, houghi wrote:
On Tue, May 09, 2006 at 03:18:14AM +0200, Carlos E. R. wrote:
grep sudo makeSUSEdvd mount does the following. It mounts each iso file to a specific directory. Each iso and each directory will be different from user to user and even from one time to the other.
Ouch. Complicated.
Perhaps for sudo, but normal for the script. Just look at all the different SUSE and SLES names for each and every CD and DVD. Next the person can choose where to mount to.
Then there is also umount, cpio, echo, rm and yast.
umount is similar to mount. Unless you can manage it in the same way as 'mc' does it :-?
I was looking into doing it like mc does, but now that other thiongs need root, it becomes obsolete.
cpio as root? Curious! Unless the files belong to him :-?
PUT_KEY_IN_INITRD Without it, it does not work.
For the device nodes in the initrd. Quite difficult to handle them as non-root. ciao, Marcus
On 8 May 2006 at 22:37, houghi wrote:
On Mon, May 08, 2006 at 10:08:46PM +0200, Carlos E. R. wrote:
That needed line for 'makeSUSEdvd' is the default during the installation and configuration phase of a system; but once in "production", those two lines are normally removed - meaning that sudoers have to use their own passwords and run only specified commands, not any random command they may want. The consequence is that on a "production" machine, 'makeSUSEdvd' can not run using sudo.
Unfortunatly there is no real alternative, other then running it as root.
Running it as root is the purpose of "sudo", but not knowing the root password. Consider a configuration skeletton (from HP-UX): # User alias specification User_Alias MEDIA_OPERATOR = %dba, windl # Cmnd alias specification Cmnd_Alias CHANGE_CD = /usr/sbin/mount /SD_CDROM,\ /usr/sbin/umount /SD_CDROM MEDIA_OPERATOR ALL=CHANGE_CD
I like to run things as little as root as possible. On the other hand, you are the first, and so far only, person who complained about this.
With several thousand downloads, I would expect some people complaining. So it seems almost nobody changes the default.
That's bad! Regards, Ulrich
Due to the fact that you might need to enter you rootpassword twice, I might be willing to let it be run as root.
houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory-help@opensuse.org
On Tue, May 09, 2006 at 08:14:21AM +0200, Ulrich Windl wrote:
Running it as root is the purpose of "sudo", but not knowing the root password.
Consider a configuration skeletton (from HP-UX):
# User alias specification User_Alias MEDIA_OPERATOR = %dba, windl
# Cmnd alias specification Cmnd_Alias CHANGE_CD = /usr/sbin/mount /SD_CDROM,\ /usr/sbin/umount /SD_CDROM
MEDIA_OPERATOR ALL=CHANGE_CD
OK. How are you going to change the file if you don't have the root password? Also I did not think that HP-UX was Linux. made my scripts to work on Linux. If it works on something else, great. If not, pity.
With several thousand downloads, I would expect some people complaining. So it seems almost nobody changes the default.
That's bad!
Apparently not really that bad. YMMV. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On 9 May 2006 at 8:31, houghi wrote:
OK. How are you going to change the file if you don't have the root password? Also I did not think that HP-UX was Linux. made my scripts to
The same way as you would install Linux on the machine. That is why would you make a DVD if you cannot install it? Or make the DVD where you want to install it. I was just suggesting a sample for a sudoers file... Regards, Ulrich
On Tue, May 09, 2006 at 08:41:03AM +0200, Ulrich Windl wrote:
On 9 May 2006 at 8:31, houghi wrote:
OK. How are you going to change the file if you don't have the root password? Also I did not think that HP-UX was Linux. made my scripts to
The same way as you would install Linux on the machine. That is why would you make a DVD if you cannot install it? Or make the DVD where you want to install it.
I was just suggesting a sample for a sudoers file...
I know that you could edit the sudoers file. As the subject still talks about makeSUSEdvd, I look at it from the makeSUSEdvd angle. And from that point, changing sudoers is not an option. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
If it helps with avoiding root any, attached you will find the "isox" perl script which uses the isoinfo program (the same one that file-roller uses) to extract all the files from an iso image. Doesn't need to be root, just needs read permissions on the iso and write permissions where it creates the copy of all the files. I hereby declare this script to be public domain (because I sure don't want to maintain it :-). Do what you will with it. It does have some restrictions. For one thing the isoinfo program won't report anything more than the day for timestamps, so it can't reproduce the timestamp info very accurately (but it does what it can). It assumes the iso image has the "Rock Ridge" extensions so that the permission strings will be sensible in the isoinfo output (probably get all files with 000 mode if the iso doesn't have the extension). But it does seem to work. I've extracted some isos and compared them to the mounted image and the contents of the files certainly seem to match.
On Tue, May 09, 2006 at 09:26:02AM -0400, Tom Horsley wrote:
I hereby declare this script to be public domain (because I sure don't want to maintain it :-). Do what you will with it.
I have, well, looked at it. I can't understand perl, so there are one or two questions.
It does have some restrictions. For one thing the isoinfo program won't report anything more than the day for timestamps, so it can't reproduce the timestamp info very accurately (but it does what it can).
I am not sure wether this would be relevant for the SUSE iso. It could be that then all files need to be signed again.
But it does seem to work. I've extracted some isos and compared them to the mounted image and the contents of the files certainly seem to match. <snip>
As I would like to place it in makeSUSEdvd, I have mad a `bashified` version. Extremely basic. Below is what I have till now. What I can't figure out is how to do the correct chown to the files and directories. Other solutions are just as welcome. #!/bin/bash ISO=SUSE-Linux-10.1-RC3-i386-CD1.iso TEMP_DIR=TEMP_DIR rm $TEMP_DIR -rf #Remove after testing #Make the directories for DIR in `isoinfo -l -R -i $ISO |grep ^Directory|awk '{print $NF}'` do mkdir -p $TEMP_DIR${DIR} done #Copy the files for FILE in `isoinfo -f -R -i $ISO |grep -Ev '^d|^Directory'|awk '{print $1" "$NF}'` do if [ ! -d $TEMP_DIR${FILE} ] then isoinfo -R -i $ISO -x $FILE > $TEMP_DIR${FILE} printf . fi done exit houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Wed, May 10, 2006 at 02:54:54AM +0200, houghi wrote:
What I can't figure out is how to do the correct chown to the files and directories. Other solutions are just as welcome.
I still can't figure it out, but it seems to work as it is. The only file that needs a chmod +x is mkbootdisk So at this moment I have a mostly sudo free makeSUSEdvd, exept for rpm and yast. I just need some small info. Where can a user find the same info as /boot/grub/device.map has? That file is (perhaps rightfully) chmodded ad 600 and thus can't be accessed by the user. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-05-09 at 08:31 +0200, houghi wrote:
On Tue, May 09, 2006 at 08:14:21AM +0200, Ulrich Windl wrote:
Running it as root is the purpose of "sudo", but not knowing the root password.
Consider a configuration skeletton (from HP-UX):
# User alias specification User_Alias MEDIA_OPERATOR = %dba, windl
# Cmnd alias specification Cmnd_Alias CHANGE_CD = /usr/sbin/mount /SD_CDROM,\ /usr/sbin/umount /SD_CDROM
MEDIA_OPERATOR ALL=CHANGE_CD
OK. How are you going to change the file if you don't have the root password? Also I did not think that HP-UX was Linux. made my scripts to work on Linux. If it works on something else, great. If not, pity.
The configuration is the same in linux.
With several thousand downloads, I would expect some people complaining. So it seems almost nobody changes the default.
That's bad!
Apparently not really that bad. YMMV.
Well, it means that many people are using sudo in an unsecure way, one that is intended as provisional and temporary. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEYOxJtTMYHG2NR9URAs6/AJ9MWDkSTECqpng6H8kvqPnLCG5ghACfW865 XJXvsL2+/BwIeDsrGEfDBn8= =wIvm -----END PGP SIGNATURE-----
On Tue, May 09, 2006 at 09:23:44PM +0200, Carlos E. R. wrote:
OK. How are you going to change the file if you don't have the root password? Also I did not think that HP-UX was Linux. made my scripts to work on Linux. If it works on something else, great. If not, pity.
The configuration is the same in linux.
I then must be running Hurd, because I don't have that configuration. My goal is to run it all completely as user (and perhaps only sudo to YaST) This means editing sudoers defeats the purpose that I am aiming for. As this was not possible (I did not have the knowledge) I then decided to use sudo for those parts that needed it. This was only mount and cleanup after a mount. As there seems to be a way to do it with something included with mkisofs and as mkisofs is already needed, that will be the way I am looking now. I also want the program to use as little extra programs as possible, so another perl program to do that won't happen. That is also the reason I do not include create_package_descr in the package, although I might need to find a solution for the -C option that is now needed.
Well, it means that many people are using sudo in an unsecure way, one that is intended as provisional and temporary.
That is an altogether different discussion and has nothing to do with makeSUSEdvd. If that is what you want to talk about, perhaps using a different sugbject might have been better. OTOH if you have an easy solution on how to copy files to a directory using /usr/share/mc/extfs/iso9660 or better, using isoinfo, or any other of the other tools included with mkisofs, I would gladly to replace sudo. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-05-09 at 21:52 +0200, houghi wrote:
password? Also I did not think that HP-UX was Linux. made my scripts to work on Linux. If it works on something else, great. If not, pity.
The configuration is the same in linux.
I then must be running Hurd, because I don't have that configuration.
Because you have a default, non configured, sudo installation. A sudoers file configured normally does not allow your script to run.
Well, it means that many people are using sudo in an unsecure way, one that is intended as provisional and temporary.
That is an altogether different discussion and has nothing to do with makeSUSEdvd. If that is what you want to talk about, perhaps using a different sugbject might have been better.
But I did! ] Subject : Re: [opensuse-factory] sudo and makeSUSEdvd [Was: makeSUSEdvd error] ^^^^ I started a sub-thread about the issue with sudo related to the use makeSUSEdvd makes of it.
OTOH if you have an easy solution on how to copy files to a directory using /usr/share/mc/extfs/iso9660 or better, using isoinfo, or any other of the other tools included with mkisofs, I would gladly to replace sudo.
I don't have a solution. I'm just airing ideas and concerns. If I had a solution I would say it. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEYcMbtTMYHG2NR9URAm79AJ9YIZQIyo/hUzuYyeDo4/bu65FYrQCfYIZO 1SsSFpH+isQpZ4tP1TVbKVo= =lkaH -----END PGP SIGNATURE-----
On Wed, May 10, 2006 at 12:40:26PM +0200, Carlos E. R. wrote: <snip>
Because you have a default, non configured, sudo installation. A sudoers file configured normally does not allow your script to run.
I would call a non-edited file the 'normal' file. Wether this is good or not is another issue.
That is an altogether different discussion and has nothing to do with makeSUSEdvd. If that is what you want to talk about, perhaps using a different sugbject might have been better.
But I did!
No, you did not. Note the "AND" in the subject.
I started a sub-thread about the issue with sudo related to the use makeSUSEdvd makes of it.
Unfortunatly it is out of scope to makeSUSEdvd to edit sudoers or work with a non-standard, out of the box sudoer. Luckily I have found a solution for most things. Little sleep and lots of Zappa does that to a human. :-) houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2006-05-10 at 13:02 +0200, houghi wrote:
On Wed, May 10, 2006 at 12:40:26PM +0200, Carlos E. R. wrote: <snip>
Because you have a default, non configured, sudo installation. A sudoers file configured normally does not allow your script to run.
I would call a non-edited file the 'normal' file. Wether this is good or not is another issue.
Well, I'll accept that it is "normal" in the mathematical sense that it is the more frequent case. But anybody that configures sudo will see the recommendation to delete those two lines, and then, it fails.
That is an altogether different discussion and has nothing to do with makeSUSEdvd. If that is what you want to talk about, perhaps using a different sugbject might have been better.
But I did!
No, you did not. Note the "AND" in the subject.
Intentionally so. Sudo in relation to the script.
Unfortunatly it is out of scope to makeSUSEdvd to edit sudoers or work with a non-standard, out of the box sudoer.
I never thought of the script editing sudoers. My idea was to determine, if possible, what would have to be edited in the sudoers file, and let the user do that if he wanted. It was never my idea to modify the script in any way. Unfortunately, it is not an easy task, maybe not even possible. But what you call the non standard sudoers file configuration, is in fact the correct sudoers configuration. The script is relying on a wrong configuration that happens to be typical. See, if the user already has the root password, he can directly run it as root with no hassle. Anyway, I leave the discussion as it is, as I'm unable to make the point understood. If anybody can explain it better... :-?
Luckily I have found a solution for most things. Little sleep and lots of Zappa does that to a human. :-)
¡Good! - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEZIPPtTMYHG2NR9URAub7AJ9jYHOvH21Aeut6nijZT1Ry3prUJACfXI95 HoamZZqKKp5or1yGNY1CH8Q= =VkQP -----END PGP SIGNATURE-----
On Fri, May 12, 2006 at 02:47:09PM +0200, Carlos E. R. wrote:
See, if the user already has the root password, he can directly run it as root with no hassle.
I think it is wrong to run a script that does no system changed to run as root. I don't understand why `mount -o loop` can not be done as user. That would be the more correct question. I can download an iso, burn it and read the content as user. I can not download the iso and mount the iso. Also now it is proven that I can copy the content of the iso to anywhere, it is strange that loop demands this. I believe it is not so much sudoers that must be changed, it is loop that must be changed. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
houghi wrote:
On Fri, May 12, 2006 at 02:47:09PM +0200, Carlos E. R. wrote:
See, if the user already has the root password, he can directly run it as root with no hassle.
I think it is wrong to run a script that does no system changed to run as root. I don't understand why `mount -o loop` can not be done as user. That would be the more correct question. I can download an iso, burn it and read the content as user. I can not download the iso and mount the iso. Also now it is proven that I can copy the content of the iso to anywhere, it is strange that loop demands this. I believe it is not so much sudoers that must be changed, it is loop that must be changed.
houghi
it's not loop, it's mount. may be add an entry in /etc/fstab with "users" option,but I couldn't make this work jdd -- http://www.dodin.net http://dodin.org/galerie_photo_web/expo/index.html http://lucien.dodin.net http://fr.susewiki.org/index.php?title=Gérer_ses_photos
On Fri, May 12, 2006 at 04:23:28PM +0200, houghi wrote:
root. I don't understand why `mount -o loop` can not be done as user.
Security problem. Consider you could do this: Create an image with passwd and shadow file and do "mount -o loop,ro myiso.iso /etc". Robert -- Robert Schiele Tel.: +49-621-181-2214 Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de "Quidquid latine dictum sit, altum sonatur."
On Fri, May 12, 2006 at 04:50:14PM +0200, Robert Schiele wrote:
On Fri, May 12, 2006 at 04:23:28PM +0200, houghi wrote:
root. I don't understand why `mount -o loop` can not be done as user.
Security problem. Consider you could do this: Create an image with passwd and shadow file and do "mount -o loop,ro myiso.iso /etc".
Well, that shut me up. :-) houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Fri, 2006-05-12 at 16:50 +0200, Robert Schiele wrote:
Security problem. Consider you could do this: Create an image with passwd and shadow file and do "mount -o loop,ro myiso.iso /etc".
Not if mount checked that you had write permission to the directory (not that mount checks that now, but it would make more sense if it just did a permission check on the mount point, not insist that you be root).
On Fri, May 12, 2006 at 06:05:03PM -0400, Tom Horsley wrote:
Not if mount checked that you had write permission to the directory (not that mount checks that now, but it would make more sense if it just did a permission check on the mount point, not insist that you be root).
Hmm, people seem to insist in creating security flaws: $ mount -o loop myext2image /tmp [ wait some time and steal privacy data of your colleagues. ] Robert -- Robert Schiele Tel.: +49-621-181-2214 Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de "Quidquid latine dictum sit, altum sonatur."
I think it is wrong to run a script that does no system changed to run as root. I don't understand why `mount -o loop` can not be done as user. That would be the more correct question. I can download an iso, burn it and read the content as user. I can not download the iso and mount the iso.
While I personally think running such a script as this should be done as user, I wouldn't get stuck at sudo. I also see that it is not possible to run this script as user, because it needs to mount ISO images. Using other programs to copy out the files from the ISO image is a bad idea IMHO. Personally I thnk having a script which turns the 5 CDs (plus/minus any other packages) into a functional SUSE DVD is well worth having, and thanks for all the work on it. Whether the script can be run as !root is something I don't care about right now. A functional script is much more valuable. I would suggest you do either/some of these: 1) Insert information into --help which states what lines to put into sudo's config to make it work with sudo, and what the implications are. 2) Mention in --help that the script must be run as root to be able to copy out the contents from ISO images. 3) Suggest a line in --help to be put into /etc/fstab, which allows any user to mount any ISO image from a defined public place at a predefined mount point. MAKE SURE(!) that dev,suid are on and auto is off on the mount options. You might find other options useful too.
Also now it is proven that I can copy the content of the iso to anywhere, it is strange that loop demands this. I believe it is not so much sudoers that must be changed, it is loop that must be changed.
You don't understand the loop mechanism. In *ix, mounting a filesystem is a priviledged operation, and with darn good reason. The mounting of your removable media is done by root, and controlled with suitable mount options as I outlined above. This prevents users from burning a SUID root shell to a CD and inserting into into a Linux box for a quick root. Under specific conditions, mount is permitted by non-root. The conditions are: user, users, or group are specified (and their condition match), the device is specified, and the mount point is specified. You can not relax on the last two conditions, as doing so would allow $USER to mount their USB gimmick on /bin and sitting back to watch the entertainment. All that loop does is turning a file into a block device, because that's the only thing you can mount. The mount command calls losetup in the background for you, after having found itself a free loop device (/dev/loop*). Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me.
On Sat, May 13, 2006 at 02:18:33PM +1200, Volker Kuhlmann wrote:
1) Insert information into --help which states what lines to put into sudo's config to make it work with sudo, and what the implications are.
The only thing I could put in it is to look at `man sudoers` and such.
2) Mention in --help that the script must be run as root to be able to copy out the contents from ISO images.
With 0.30 sudo does not do that anymore.
3) Suggest a line in --help to be put into /etc/fstab, which allows any user to mount any ISO image from a defined public place at a predefined mount point. MAKE SURE(!) that dev,suid are on and auto is off on the mount options. You might find other options useful too.
In no way am I going to sugest such a thing.
Also now it is proven that I can copy the content of the iso to anywhere, it is strange that loop demands this. I believe it is not so much sudoers that must be changed, it is loop that must be changed.
You don't understand the loop mechanism.
Indeed I don't and I don't understand a lot else. That is the reason I am not going to tell others to change anything else on their machine that can be a security issue. However the point is moot as with 0.30 only installing stuff needs sudo. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
Hello, Am Samstag, 13. Mai 2006 04:18 schrieb Volker Kuhlmann:
3) Suggest a line in --help to be put into /etc/fstab, which allows any user to mount any ISO image from a defined public place at a predefined mount point. MAKE SURE(!) that dev,suid are on and auto is off on the mount options. You might find other options useful too.
suid-root bash inside an ISO anybody? ;-) Or do you prefer a writeable "b 3 0" device? (aka /dev/hda)? Sorry, but this isn't a good idea. Without dev and suid (mount options loop,ro,user) I currently don't see a security problem - but I can't guarantee I haven't overlooked something. Regards, Christian Boltz -- Wo steht der Server eigentlich? Kann den die Putzfrau treten? Oder mal mit dem Staubsauger überfahren? Denen fallen ab und an Gemeinheiten ein auf die ein Normalsterblicher nie kommen würde. :\ [Daniel Lord in suse-linux]
predefined mount point. MAKE SURE(!) that dev,suid are on and auto is off on the mount options. You might find other options useful too.
Arrgh, I meant them to be off of course. Damn negatives. Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me.
Hi, On Sun, 14 May 2006, Volker Kuhlmann wrote:
predefined mount point. MAKE SURE(!) that dev,suid are on and auto is off on the mount options. You might find other options useful too.
Arrgh, I meant them to be off of course. Damn negatives.
But your arguments were fully clear already. Cheers -e -- Eberhard Moenkeberg (emoenke@gwdg.de, em@kki.org)
Hi, is it possible to integrate also the Add-On-CD in the created DVD or does it work only with the normal 5 SL 10.1-install-CDs? Thanks a lot, -- Chau y hasta luego, Thorolf
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
is it possible to integrate also the Add-On-CD in the created DVD or does it work only with the normal 5 SL 10.1-install-CDs?
I have used it for all 6 CD's and a few other rpm's that I want on the DVD and it worked perfectly. Look at opensuse@opensuse.org. Someone posted how they did it as well. Good Luck, - -- Boyd Gerber <gerberb@zenez.com> ZENEZ 1042 East Fort Union #135, Midvale Utah 84047 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFEZ7DzVtBjDid73eYRAnkwAJ4iW0Y5IvfV021L9LTodV7Kgf/8CACff/0t GNr3evZOxIa/+P6aNVlW00o= =8MND -----END PGP SIGNATURE-----
On Sun, May 14, 2006 at 11:31:01PM +0200, Thorolf Godawa wrote:
Hi,
is it possible to integrate also the Add-On-CD in the created DVD or does it work only with the normal 5 SL 10.1-install-CDs?
You can add it. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Mon, 2006-05-15 at 00:39 +0200, houghi wrote:
On Sun, May 14, 2006 at 11:31:01PM +0200, Thorolf Godawa wrote:
Hi,
is it possible to integrate also the Add-On-CD in the created DVD or does it work only with the normal 5 SL 10.1-install-CDs?
You can add it.
Quick question while on the subject. As I have the factory tree downloaded and I know I can add additional rpm packages will the makeSUSEdvd take duplicate RPM's from different sources into account. What I am looking to do is create one source on my local network to install from that has all of the packages including the extra packages in the factory tree and the non-oss stuff and really don't want to end up with dups. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
Hi, On Sun, 14 May 2006, Kenneth Schneider wrote:
On Mon, 2006-05-15 at 00:39 +0200, houghi wrote:
On Sun, May 14, 2006 at 11:31:01PM +0200, Thorolf Godawa wrote:
is it possible to integrate also the Add-On-CD in the created DVD or does it work only with the normal 5 SL 10.1-install-CDs?
You can add it.
Quick question while on the subject. As I have the factory tree downloaded and I know I can add additional rpm packages will the makeSUSEdvd take duplicate RPM's from different sources into account. What I am looking to do is create one source on my local network to install from that has all of the packages including the extra packages in the factory tree and the non-oss stuff and really don't want to end up with dups.
You can add it. find <top> -name '*.rpm' | sort >list sort -u list >list.sorted diff <options> list list.sorted shows the "double" RPMs. Cheers -e -- Eberhard Moenkeberg (emoenke@gwdg.de, em@kki.org)
On Sun, May 14, 2006 at 07:49:16PM -0400, Kenneth Schneider wrote:
Quick question while on the subject.
I don't see a questionmark, so I can only guess at what the answer will be
As I have the factory tree downloaded and I know I can add additional rpm packages will the makeSUSEdvd take duplicate RPM's from different sources into account.
It does not take duplicate RPMs into account. It simply copies the content of the directory that you mention into the suse directory. What I do is use /usr/src/packages/RPMS as default and here as example: houghi@penne : tree -d /usr/src/packages/RPMS/ /usr/src/packages/RPMS/ |-- athlon |-- i386 |-- i486 |-- i586 |-- i686 `-- noarch Place the RPM's in those directories. If they are duplicate, they should be overwritten. I also do a `createrepo /usr/src/packages/RPMS/` so I also have the createrepo directory and data on my DVD.
What I am looking to do is create one source on my local network to install from that has all of the packages including the extra packages in the factory tree and the non-oss stuff and really don't want to end up with dups.
As they should be overwritten, you can just use the `makeSUSEdvd -i -d /srv/www/htdocs/suse10.1` command to place them on your website (Or use any other directory if you want) houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
Hi, thanks for all answers, it is possible :-)
is it possible to integrate also the Add-On-CD in the created DVD or does it work only with the normal 5 SL 10.1-install-CDs? You can add it. But, now in my grub-menu it says "SuSE Linux 10.1 Add-On" and for installation the system also asks me for the "Add-On"-CD.
It's only a "cosmetical" problem because everything is working anyway, but is there a way to change it? -- Chau y hasta luego, Thorolf
On Thu, May 18, 2006 at 10:44:07AM +0200, Thorolf Godawa wrote:
But, now in my grub-menu it says "SuSE Linux 10.1 Add-On" and for installation the system also asks me for the "Add-On"-CD.
It's only a "cosmetical" problem because everything is working anyway, but is there a way to change it?
That is solved in 0.31 wich I might publish later today. What you put in your grub can be easily changed by editing /boot/grub/menu.lst -- houghi http://houghi.org http://www.plainfaqs.org/linux/ http://www.netmeister.org/news/learn2quote.html
Today I went outside. My pupils have never been tinier...
Am Montag, 8. Mai 2006 19:16 schrieb houghi:
On Mon, May 08, 2006 at 06:27:16PM +0200, Marcus Meissner wrote:
I have brought "PUT_KEY_IN_INITRD" down a few lines. "PUT_KEY_IN_INITRD" uses the variable $LOCAL_KEY, so it might be better to use it after $LOCAL_KEY is calculated.
Yes, I had a "LOCAL_KEY=0x...." at the beginning of the script.
Here lies already part of the solution. My key would be 08AD8FC5 and not 0x08AD8FC5. So I added the following line right after LOCAL_KEY=`gpg ... LOCAL_KEY=0x${LOCAL_KEY}
I now get the following error: Cannot solve dependencies automatically. Manual intevention is required. * Standard System with GNOME (47.3 MB total) This is only because you did not use all CDs.
Adding the LOCAL_KEY manually works for me. Hougi: Perhaps it's best to ask the user for the key, then eventually check, if the given key is in gpg --list-secret-keys to avoid typos -- Mit freundlichen Grüßen, Marcel Hilzinger Linux New Media AG Süskindstr. 4 D-81929 München Tel: +49 (89) 99 34 11 0 Fax: +49 (89) 99 34 11 99
On Mon, May 08, 2006 at 07:30:34PM +0200, Marcel Hilzinger wrote:
This is only because you did not use all CDs.
I know.
Adding the LOCAL_KEY manually works for me.
Indeed, as does calculating it correctly.
Hougi: Perhaps it's best to ask the user for the key, then eventually check, if the given key is in gpg --list-secret-keys to avoid typos
This will most likely cause more problems and confusion then it solves. People will enter the wrong one or misread or just do not know what to do. Before this, I never used gpg and I asume many others are the same. Say if the script asked for the key, I would have no idea what to enter. I will now look into the possibilaty that you can select a specific key and some other changes to the script. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Mon, May 08, 2006 at 07:53:41PM +0200, houghi wrote:
On Mon, May 08, 2006 at 07:30:34PM +0200, Marcel Hilzinger wrote:
This is only because you did not use all CDs.
I know.
Adding the LOCAL_KEY manually works for me.
Indeed, as does calculating it correctly.
Hougi: Perhaps it's best to ask the user for the key, then eventually check, if the given key is in gpg --list-secret-keys to avoid typos
This will most likely cause more problems and confusion then it solves. People will enter the wrong one or misread or just do not know what to do.
Before this, I never used gpg and I asume many others are the same. Say if the script asked for the key, I would have no idea what to enter.
What about checking, if there is a local secret key, and if not, add the possibility to create one :-) Btw. I do not have any problems with running whole script as root. From the point of userfriendlyness, the first thing the script should do is ask for the root password, if the user is not logged in as root. Keep up the good work Marcel
On Mon, May 08, 2006 at 11:09:13PM +0200, Marcel Hilzinger wrote:
Before this, I never used gpg and I asume many others are the same. Say if the script asked for the key, I would have no idea what to enter.
What about checking, if there is a local secret key, and if not, add the possibility to create one :-)
Yes, that as well.
Btw. I do not have any problems with running whole script as root. From the point of userfriendlyness, the first thing the script should do is ask for the root password, if the user is not logged in as root.
The password is already asked. I just wanted to get a working version online asap. I will see where it goes. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
Hi Marcus and Houghi,
Here lies already part of the solution. My key would be 08AD8FC5 and not 0x08AD8FC5. So I added the following line right after LOCAL_KEY=`gpg ... LOCAL_KEY=0x${LOCAL_KEY}
I now get the following error: Cannot solve dependencies automatically. Manual intevention is required. * Standard System with GNOME (47.3 MB total)
I am then able to select the software. YEAH!
I followed your communication during the last week. Great job, seems that you fixed the problem. Do you think that the makeSUSEdvd script will now work as well with the goldmaster which will be published this week, too, or are there some further surprises to be expected with the final(?) Greetings, Rainer
On Mon, May 08, 2006 at 07:36:58PM +0200, Rainer Hattenhauer wrote:
Hi Marcus and Houghi, <snip>
Great job, seems that you fixed the problem.
That was all Marcus. I just kept nagging. :-)
Do you think that the makeSUSEdvd script will now work as well with the goldmaster which will be published this week, too, or are there some further surprises to be expected with the final(?)
I would asume that it does, but then that I asumed it every time. :-) houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Mon, May 08, 2006 at 07:57:18PM +0200, houghi wrote:
On Mon, May 08, 2006 at 07:36:58PM +0200, Rainer Hattenhauer wrote:
Hi Marcus and Houghi, <snip>
Great job, seems that you fixed the problem.
That was all Marcus. I just kept nagging. :-)
Yeah and I fall for it ;)
Do you think that the makeSUSEdvd script will now work as well with the goldmaster which will be published this week, too, or are there some further surprises to be expected with the final(?)
I would asume that it does, but then that I asumed it every time. :-)
I used RC5/Goldmaster to test. Ciao, Marcus
Hi, hoped that the problem with makeSUSEdvd was solved, but I still ran into problems. The situation: I'm working in an updated suse-factory install (smart update/upgrade) and I'm using the makeSUSEdvd Skript v0.29 which I downloaded from sourceforge. When doing the remastering of the 5 CDs, the script complains about: ... gpg skipped "-a" no secret key ... gpg missing argument for option -u The resulting DVD-iso can be booted whithin VmWare, and for the first time it offers me now a media check for the DVD (iso). But when trying to install, aftre chooseing the KDE Desktop, i still get this "catalog not found" error. Houghi, am i using already the latest version of makeSUSEdvd, or is there still a problem with my gpg-setup? Rainer
On Wed, May 10, 2006 at 10:30:59AM +0200, Rainer Hattenhauer wrote:
Hi,
hoped that the problem with makeSUSEdvd was solved, but I still ran into problems. The situation: I'm working in an updated suse-factory install (smart update/upgrade) and I'm using the makeSUSEdvd Skript v0.29 which I downloaded from sourceforge.
When doing the remastering of the 5 CDs, the script complains about: ... gpg skipped "-a" no secret key ... gpg missing argument for option -u
The resulting DVD-iso can be booted whithin VmWare, and for the first time it offers me now a media check for the DVD (iso). But when trying to install, aftre chooseing the KDE Desktop, i still get this "catalog not found" error.
Houghi, am i using already the latest version of makeSUSEdvd, or is there still a problem with my gpg-setup?
You must create (or already have) a GPG key pair to resign the CD content. gpg --gen-key if you do not have one yet. Ciao, Marcus
Hi Marcus,
You must create (or already have) a GPG key pair to resign the CD content.
gpg --gen-key if you do not have one yet.
Thank you, already thought that might be the problem. Should the key have some special form, i.e. DSA or RSA, 2048 bit etc., or should i take the defaults offered by gpg --keygen? Greetings, Rainer
On Wed, May 10, 2006 at 10:46:29AM +0200, Rainer Hattenhauer wrote:
Hi Marcus,
You must create (or already have) a GPG key pair to resign the CD content.
gpg --gen-key if you do not have one yet.
Thank you, already thought that might be the problem. Should the key have some special form, i.e. DSA or RSA, 2048 bit etc., or should i take the defaults offered by gpg --keygen?
You just need to be able to sign stuff with it, no other requirements I would also strongly suggest to keep the secret key safe. ;) This is because if a user installs from your installation source (DVD or whatever) his system ultimately trusts your key for receiving Online Updates. Ciao, Marcus
On Wed, May 10, 2006 at 10:48:44AM +0200, Marcus Meissner wrote:
This is because if a user installs from your installation source (DVD or whatever) his system ultimately trusts your key for receiving Online Updates.
Oh boy. With all the testing I have added and deleted my keys several times. :-) houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Wed, May 10, 2006 at 10:33:05AM +0200, Marcus Meissner wrote:
You must create (or already have) a GPG key pair to resign the CD content.
gpg --gen-key if you do not have one yet.
The new makeSUSEdvd 0.30 Beta is available on houghi.org/script/makeSUSEdvd That one will warn you if you do not have a gpg key and will run gpg --gen-key. It now also has an interactive mode (if you can't remember all the options) and can use makeSUSEdvdrc files. That last part is not yet tested. :-) houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
Marcus, Houghi: Thank you, now makeSUSEdvd works perfectly with my gpg-Setup. I'm hopefully awaiting the final release tomorrow. @Houghi: I tested the 0.30 beta, too, there were still some "roughness" inside the script, messages like "couldnt set <some option> to "x", so i finally took the 0.29 which went fine for me. Greetings Rainer
On Wed, May 10, 2006 at 08:11:34PM +0200, Rainer Hattenhauer wrote:
@Houghi: I tested the 0.30 beta, too, there were still some "roughness" inside the script, messages like "couldnt set <some option> to "x", so i finally took the 0.29 which went fine for me.
Could you please elaborate on this? What roughness are you talking about? You can always mail me directly. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
Could you please elaborate on this? What roughness are you talking about? You can always mail me directly.
I send you asap a copy of a run-through of the skript, just have to reboot... -- ################################### Dr. Rainer Hattenhauer Drosselweg 5 37441 Bad Sachsa fon +4955238122 mail rainer.hattenhauer@t-online.de ###################################
Hi,
@Houghi: I tested the 0.30 beta, too, there were still some "roughness" inside the script, messages like "couldnt set <some option> to "x", so i finally took the 0.29 which went fine for me.
Could you please elaborate on this? What roughness are you talking about?
Excuse me, seems that I did made the last run as normal user and not as root, I tried it again as root, and everything is fine with your new script (stupid me). Perhaps one little "cosmetical" correction: -----------------snip---------------------------------- server:/daten/isos/mastertest # ./makeSUSEdvd_3_0_b -o /daten/isos/DVDtest ./makeSUSEdvd_3_0_b: line 3: BETA: command not found makeSUSEdvd_3_0_b version Software is like a parachute. It doesnt work if it is not open. Putting the DVD ISO in /daten/isos/DVDtest . ----------------snip----------------------------------- line 3: BETA: command not found I think thats because you wrote VERSION=0.30 BETA not in one string Sorry again that I made you nervous, Rainer
On Wed, May 10, 2006 at 08:59:42PM +0200, Rainer Hattenhauer wrote:
Excuse me, seems that I did made the last run as normal user and not as root, I tried it again as root, and everything is fine with your new script (stupid me).
No, everything is NOT fine. It should be run as user, not as root. Please elaborate.
I think thats because you wrote VERSION=0.30 BETA not in one string
Hey. It shows what it says. :-)
Sorry again that I made you nervous,
Please tell me what went wrong as user. As with the SUS people I have rather one message that is due to PEBKAC then to miss one that will have an influence on all other users. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On 10 May 2006 at 21:10, houghi wrote:
On Wed, May 10, 2006 at 08:59:42PM +0200, Rainer Hattenhauer wrote:
Excuse me, seems that I did made the last run as normal user and not as root, I tried it again as root, and everything is fine with your new script (stupid me).
No, everything is NOT fine. It should be run as user, not as root. Please elaborate.
I think thats because you wrote VERSION=0.30 BETA not in one string
Hey. It shows what it says. :-)
LANG=C date Will NOT set $LANG to "C date", but to "C" (and it will start the command "date")! Ulrich
On Thu, May 11, 2006 at 08:38:51AM +0200, Ulrich Windl wrote:
On 10 May 2006 at 21:10, houghi wrote:
On Wed, May 10, 2006 at 08:59:42PM +0200, Rainer Hattenhauer wrote:
Excuse me, seems that I did made the last run as normal user and not as root, I tried it again as root, and everything is fine with your new script (stupid me).
No, everything is NOT fine. It should be run as user, not as root. Please elaborate.
I think thats because you wrote VERSION=0.30 BETA not in one string
Hey. It shows what it says. :-)
LANG=C date
Will NOT set $LANG to "C date", but to "C" (and it will start the command "date")!
I know. It is a simple error in a Beta version, and that is what it says, BETA. :-) houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Wed, May 10, 2006 at 08:11:34PM +0200, Rainer Hattenhauer wrote:
@Houghi: I tested the 0.30 beta, too, there were still some "roughness" inside the script, messages like "couldnt set <some option> to "x", so i finally took the 0.29 which went fine for me.
OK I asume you are talking about: chmod: missing operand after `+x' Try `chmod --help' for more information. Cleaning that up. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
Hello,
OK I asume you are talking about: chmod: missing operand after `+x' Try `chmod --help' for more information.
Cleaning that up.
Excactly, that was the message, but after some further tests, the resulting DVD generated by the updated script seems to be o.k. I will check it today again with the final version of SUSE 10.1, Rainer
On Thu, May 11, 2006 at 07:32:13AM +0200, Rainer Hattenhauer wrote:
Hello,
OK I asume you are talking about: chmod: missing operand after `+x' Try `chmod --help' for more information.
Cleaning that up.
Excactly, that was the message, but after some further tests, the resulting DVD generated by the updated script seems to be o.k. I will check it today again with the final version of SUSE 10.1,
On the 1st CD there is a file `mkbootdisk` that has a chmod +x on it. No idea why, so I just added it, instead of looking what the consequences were if I didn't. I want to change as little as possibel. If it ain't broke, don't fix it. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Fri, Apr 28, 2006 at 09:50:22PM +0200, houghi wrote:
A new version and a new problem. I like these 'feature freezes'. :-/
When running makeSUSEdvd at the 'Installation Settings' I get the partitioning, the Software and the Language. Software tells me: No catalog found at 'cd:///?devices%3d%2fdev%2fhdb'. . Error: No proposal
I have recieved a mail from somebody who did it manually with create_package_descr and got into the same problem.
What has been changed? What can be done to repair the situation?
OK. Some feedback. I have looked and looked at the logfiles. It seems that YaST has some internal file installkey.gpg. From the logfile: 2006-05-02 16:42:55 <1> linux(2393) [wfm] Keyring.cc(ImportGPGKey):50 importing trusted key: /installkey.gpg 2006-05-02 16:42:55 <0> linux(2393) [zypp] ExternalProgram.cc(start_program):170 Executing 'gpg' '--quiet' '--no-tty' '--no-greeting' '--no-permission-warning' '--status-fd' '1' '--homedir' '/var/tmp/TmpDir.EvyXxR' '--import' '/installkey.gpg' As it is internal, my key is not on it (copied the file /installkey.gpg to my current HD) houghi@penne : gpg --import installkey.gpg gpg: key 9C800ACA: "SuSE Package Signing Key <build@suse.de>" not changed gpg: key 3D25D3D9: "SuSE Security Team <security@suse.de>" not changed gpg: key 0DFB3188: "Open Enterprise Server <support@novell.com>" not changed gpg: key 1D061A62: "build@novell.com (Novell Linux Products) <support@novell.com>" not changed gpg: key 307E3D54: "SuSE Package Signing Key <build@suse.de>" not changed gpg: Total number processed: 5 gpg: unchanged: 5 I asume that is the reason the installation stops. So one of two things must be changed. 1) A warning that tells you that the packages are not verified 2) A way to add your signature so that it also is allowed to be used That way people can still do projects like SUPER and SMART and generaly make their own SUSE based distro with create_package_descr The above has also been added to #166011 houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Friday 2006-05-05 at 05:22 +0200, houghi wrote:
OK. Some feedback. I have looked and looked at the logfiles. It seems that YaST has some internal file installkey.gpg. From the logfile:
Could it have been created from the "gpg-pubkey-*.asc" files?
houghi@penne : gpg --import installkey.gpg gpg: key 9C800ACA: "SuSE Package Signing Key <build@suse.de>" not changed gpg: key 3D25D3D9: "SuSE Security Team <security@suse.de>" not changed gpg: key 0DFB3188: "Open Enterprise Server <support@novell.com>" not changed gpg: key 1D061A62: "build@novell.com (Novell Linux Products) <support@novell.com>" not changed gpg: key 307E3D54: "SuSE Package Signing Key <build@suse.de>" not changed
5 keys... there are exactly 5 ascii key files also.
So one of two things must be changed. 1) A warning that tells you that the packages are not verified
It will not work, IMO, because remember that I installed telling it to ignore the key, and then after I got the pesky message about the signature every time I run YOU. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEWyHMtTMYHG2NR9URAkDEAJ9IoPs2qONaiWTXG+yT/wsUSHR1dwCfUxjq qeyX8j4HEzB84INCi/TNBrc= =L2+l -----END PGP SIGNATURE-----
On Fri, May 05, 2006 at 11:58:32AM +0200, Carlos E. R. wrote:
The Friday 2006-05-05 at 05:22 +0200, houghi wrote:
OK. Some feedback. I have looked and looked at the logfiles. It seems that YaST has some internal file installkey.gpg. From the logfile:
Could it have been created from the "gpg-pubkey-*.asc" files?
I don't believe so, because my own key is available there: houghi@penne : ls 2/gpg-pubkey-*.asc 2/gpg-pubkey-0dfb3188-41ed929b.asc 2/gpg-pubkey-3d25d3d9-36e12d04.asc 2/gpg-pubkey-1d061a62-427a396f.asc 2/gpg-pubkey-70660424.asc 2/gpg-pubkey-307e3d54-44201d5d.asc 2/gpg-pubkey-9c800aca-40d8063e.asc
From the logfile: [wfm] Packages.ycp:551 Pkg Builtin called: ImportGPGKey [wfm] Keyring.cc(ImportGPGKey):50 importing trusted key: /installkey.gpg <snip>
<snip>
5 keys... there are exactly 5 ascii key files also.
There are 6 *.asc keys.
So one of two things must be changed. 1) A warning that tells you that the packages are not verified
It will not work, IMO, because remember that I installed telling it to ignore the key, and then after I got the pesky message about the signature every time I run YOU.
Then that behavious must also be changed, having an option to ignore it each and every time. Perhaps a warning that says: Hey This is not signed by X. It is signed by Y. Do you trust that? The difference that MIGHT be is that the SUSE keys are "gpg-pubkey-*-*.asc" and mine is "gpg-pubkey-*.asc" houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Friday 2006-05-05 at 14:20 +0200, houghi wrote:
5 keys... there are exactly 5 ascii key files also.
There are 6 *.asc keys.
I have five in CD1: gpg-pubkey-0dfb3188-41ed929b.asc gpg-pubkey-1d061a62-427a396f.asc 1007 Apr 26 00:00 gpg-pubkey-307e3d54-44201d5d.asc 613 Apr 26 00:00 gpg-pubkey-3d25d3d9-36e12d04.asc 1694 Apr 26 00:00 gpg-pubkey-9c800aca-40d8063e.asc 2173 Apr 26 00:00
So one of two things must be changed. 1) A warning that tells you that the packages are not verified
It will not work, IMO, because remember that I installed telling it to ignore the key, and then after I got the pesky message about the signature every time I run YOU.
Then that behavious must also be changed, having an option to ignore it each and every time. Perhaps a warning that says: Hey This is not signed by X. It is signed by Y. Do you trust that?
The message does not even say what package has the wrong signature. And it says that before telling it to install anything at all.
The difference that MIGHT be is that the SUSE keys are "gpg-pubkey-*-*.asc" and mine is "gpg-pubkey-*.asc"
Well, then change the pattern ;-) - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEW+AVtTMYHG2NR9URAnlxAJ90rqUlWT3gdvq/VCbDcCzJ06NQfwCgjkju suNTRO5Q9VVAdWIIJW36+Ew= =RDgd -----END PGP SIGNATURE-----
On Sat, May 06, 2006 at 01:30:28AM +0200, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Friday 2006-05-05 at 14:20 +0200, houghi wrote:
5 keys... there are exactly 5 ascii key files also.
There are 6 *.asc keys.
I have five in CD1:
gpg-pubkey-0dfb3188-41ed929b.asc gpg-pubkey-1d061a62-427a396f.asc 1007 Apr 26 00:00 gpg-pubkey-307e3d54-44201d5d.asc 613 Apr 26 00:00 gpg-pubkey-3d25d3d9-36e12d04.asc 1694 Apr 26 00:00 gpg-pubkey-9c800aca-40d8063e.asc 2173 Apr 26 00:00
After running http://houghi.org/script/makeSUSEdvd ?
The message does not even say what package has the wrong signature. And it says that before telling it to install anything at all.
This thread is about makeSUSEdvd. It is about making an iso that is bootable. It is not about the standard SUSE iso and then an upgrade from RC2 to RC3. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2006-05-06 at 01:45 +0200, houghi wrote:
5 keys... there are exactly 5 ascii key files also.
There are 6 *.asc keys.
I have five in CD1:
Notice I say CD1, not DVD.
gpg-pubkey-0dfb3188-41ed929b.asc gpg-pubkey-1d061a62-427a396f.asc 1007 Apr 26 00:00 gpg-pubkey-307e3d54-44201d5d.asc 613 Apr 26 00:00 gpg-pubkey-3d25d3d9-36e12d04.asc 1694 Apr 26 00:00 gpg-pubkey-9c800aca-40d8063e.asc 2173 Apr 26 00:00
After running http://houghi.org/script/makeSUSEdvd ?
Yes, but not today, certainly. I run it when I made the dvd with which I updated from RC2 to RC3 last weekend. I told you about that already. I haven't tried again, I was going to wait for RC4 that now will not exist.
The message does not even say what package has the wrong signature. And it says that before telling it to install anything at all.
This thread is about makeSUSEdvd. It is about making an iso that is bootable. It is not about the standard SUSE iso and then an upgrade from RC2 to RC3.
Of course. That's what I did. I created that DVD and updated with it. And then, every time I fired YOU I got that pesky message about a bad signature that did not say what package or file had a bad signature. The problem stopped when I changed the installation source to the CD.iso for the already installed system. Remember that I asked about that and was told it was a problem with makeSUSEdvd. You said that it did not work, but it has worked for me. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEW+sDtTMYHG2NR9URAo9gAJ4hwuJN91pKsKpjPEY+XT+LK1xFUgCgingA N4cpiRT8QG2mIDXXw54UQsk= =KMCp -----END PGP SIGNATURE-----
On Sat, May 06, 2006 at 02:17:05AM +0200, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Saturday 2006-05-06 at 01:45 +0200, houghi wrote:
5 keys... there are exactly 5 ascii key files also.
There are 6 *.asc keys.
I have five in CD1:
Notice I say CD1, not DVD.
Well, if you use the CD, you do not have the problem. I am aware that there are only 5 keys on the CD. The extra I make is alo a CD, not a DVD. <snip>
Remember that I asked about that and was told it was a problem with makeSUSEdvd. You said that it did not work, but it has worked for me.
OK. There are two situations. The first is a new installation. That does not work, because of the signing issue. The second is an update. That gives warnings, because of the signing issue. So even if related, what I focus on now is a new installation. Wether or not solving the new installation will also solve the upgrade issue is something I will look at after the first problem is solved. Sorry, I don't want to blow you off, or say that the other issue is less important. I just want to do them one at a time, so not to confuse things. To be clear, when I am talking here about makeSUSEdvd, I am talking about a new installaion on an empty system where I do a standard new installation, meaning deleting all that is on the HD. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2006-05-06 at 02:56 +0200, houghi wrote:
There are 6 *.asc keys.
I have five in CD1:
Notice I say CD1, not DVD.
Well, if you use the CD, you do not have the problem. I am aware that there are only 5 keys on the CD. The extra I make is alo a CD, not a DVD.
Ok, maybe we are not understanding each other well. I see you goal; what I intended to mean is that the original CD from which the DVD is made has 5 keys, the same number as the '/installkey.gpg' has (from your log excerpt). Thus, my logic was, although hinted, not explicitly said, that if you added your key as an *.asc file in the same format and appearance, it would perhaps makes its way into the '/installkey.gpg' file. That's what I meant. ...
Sorry, I don't want to blow you off, or say that the other issue is less important. I just want to do them one at a time, so not to confuse things.
I think so, too. I was just trying to help. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEXIAgtTMYHG2NR9URAqjRAJ9YEBi3SJqN1e8bCItbGRhYczqtVgCffTHv 5B3YbIol0saPIoJ3INMIRgY= =gQCf -----END PGP SIGNATURE-----
On Sat, May 06, 2006 at 12:53:19PM +0200, Carlos E. R. wrote:
I see you goal; what I intended to mean is that the original CD from which the DVD is made has 5 keys, the same number as the '/installkey.gpg' has (from your log excerpt). Thus, my logic was, although hinted, not explicitly said, that if you added your key as an *.asc file in the same format and appearance, it would perhaps makes its way into the '/installkey.gpg' file.
That's what I meant.
Ok. Now it is clear.
I think so, too. I was just trying to help.
Thanks. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
participants (19)
-
Anders Norrbring -
Andras Mantia -
Boyd Lynn Gerber -
Carlos E. R. -
Christian Boltz -
Eberhard Moenkeberg -
houghi -
Jan Karjalainen -
jdd -
Kenneth Schneider -
Marcel Hilzinger -
Marcus Meissner -
mhilzinger@linuxnewmedia.de
-
Rainer Hattenhauer -
Robert Schiele -
Thorolf Godawa -
Tom Horsley -
Ulrich Windl -
Volker Kuhlmann