Hi all,
as promised some time ago, I have updated opensuse.org with information on how
we are securing installation sources from SUSE Linux 10.1 on.
There are some additions on
http://www.opensuse.org/Installation_Sources
and a new page at
http://www.opensuse.org/Secure_Installation_Sources
These pages will be updated as soon as I have more details on how you can
generate your own secure sources.
Cheers
Joachim
--
Joachim Werner
On Tue, Apr 25, 2006 at 10:06:54PM +0200, Joachim Werner wrote:
Hi all,
as promised some time ago, I have updated opensuse.org with information on how we are securing installation sources from SUSE Linux 10.1 on.
There are some additions on
I see with createrepo the usage as: # cd /srv/www/htdocs/suse/ # createrepo RPMS Is it not better to simply do: # createrepo /srv/www/htdocs/suse/RPMS Also normaly RPMS files are stored by default in /usr/src/packages/RPMS/*. Will see how I can add that. It also reminded me that I must edit content a bit more with makeSUSEdvd I will do some other changes. like the link to create_package_descr. Easier would be to point it to the rpm or to both.
and a new page at
http://www.opensuse.org/Secure_Installation_Sources
These pages will be updated as soon as I have more details on how you can generate your own secure sources.
That second one is very interesting and I look forward to see it when complete. Thanks. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
and a new page at
http://www.opensuse.org/Secure_Installation_Sources
These pages will be updated as soon as I have more details on how you can generate your own secure sources.
That second one is very interesting and I look forward to see it when complete. Thanks.
It should basically work as-is already... I hope. We have turned on the package signature verification checks again, so you will likely see interesting popups/dialogs again for RC3. Ciao, Marcus
On Tue, 25 Apr 2006, houghi wrote:
as promised some time ago, I have updated opensuse.org with information on how we are securing installation sources from SUSE Linux 10.1 on.
There are some additions on
I see with createrepo the usage as: # cd /srv/www/htdocs/suse/ # createrepo RPMS
Is it not better to simply do: # createrepo /srv/www/htdocs/suse/RPMS
Correct.
Also normaly RPMS files are stored by default in /usr/src/packages/RPMS/*. Will see how I can add that.
It's a wiki -- just go ahead and fix it! Regards Christoph
On Thu, Apr 27, 2006 at 11:48:44AM +0200, Christoph Thiel wrote:
Is it not better to simply do: # createrepo /srv/www/htdocs/suse/RPMS
Correct.
Fixed on the page.
Also normaly RPMS files are stored by default in /usr/src/packages/RPMS/*. Will see how I can add that.
It's a wiki -- just go ahead and fix it!
:-) Looked at it and it might then need an extra chapter. I will see what I can do, because then you would also add some information to FTP and WWW. So a question. Which one is better: ln -s /usr/src/packages/RPMS /srv/www/htdocs/RPMS and place all in www or ln -s /srv/www/htdocs/RPMS /usr/src/packages/RPMS and place all in packages. I imagine the second, because then you can also easily symlink FTP, or am I making some stupid mistake here? I understand that you could change the web or FTP server to point to /usr/src/packages/RPMS. That is not the correct place to explain this. houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
Hi, On Thursday, April 27, 2006 at 14:21:05, houghi wrote:
On Thu, Apr 27, 2006 at 11:48:44AM +0200, Christoph Thiel wrote:
Is it not better to simply do: # createrepo /srv/www/htdocs/suse/RPMS
Correct.
Fixed on the page.
Also normaly RPMS files are stored by default in /usr/src/packages/RPMS/*. Will see how I can add that.
It's a wiki -- just go ahead and fix it!
:-) Looked at it and it might then need an extra chapter. I will see what I can do, because then you would also add some information to FTP and WWW.
Please dont. This is not documentation on how you setup a FTP or HTTP installation server. This is documentation about how you create a installation source. I chose the www directory as example because it makes sense. Not because this is how you should do it. If you want to write a howto on setting up an installation server, do that. But not inside this document. In general its a good idea if you write documentation to stay on topic and dont follow down every road. You will only create uncertainty. Rather cross reference with other docu. Please follow the KISS principle. Kepp it Simple, Stupid. Henne -- Henne Vogelsang, Core Services "Rules change. The Game remains the same." - Omar (The Wire)
On Fri, Apr 28, 2006 at 12:03:09PM +0200, Henne Vogelsang wrote:
Looked at it and it might then need an extra chapter. I will see what I can do, because then you would also add some information to FTP and WWW.
Please dont. This is not documentation on how you setup a FTP or HTTP installation server. This is documentation about how you create a installation source. I chose the www directory as example because it makes sense. Not because this is how you should do it. If you want to write a howto on setting up an installation server, do that. But not inside this document.
If you read the rest, I hope you understand I have the same sentiment. However for you the HTTP as an example makes sence. For me using /usr/src/packages/RPMS makes more sence, because that is where these things are. And still I am curious what is better. Place them in /usr and symlink to /srv or place them in /srv and symlink to /usr houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
Hi, On Friday, April 28, 2006 at 13:22:26, houghi wrote:
On Fri, Apr 28, 2006 at 12:03:09PM +0200, Henne Vogelsang wrote:
Looked at it and it might then need an extra chapter. I will see what I can do, because then you would also add some information to FTP and WWW.
Please dont. This is not documentation on how you setup a FTP or HTTP installation server. This is documentation about how you create a installation source. I chose the www directory as example because it makes sense. Not because this is how you should do it. If you want to write a howto on setting up an installation server, do that. But not inside this document.
If you read the rest, I hope you understand I have the same sentiment. However for you the HTTP as an example makes sence. For me using /usr/src/packages/RPMS makes more sence, because that is where these things are.
Ok then just use that as example directory.
And still I am curious what is better. Place them in /usr and symlink to /srv or place them in /srv and symlink to /usr
This is were you step in the realm of an installation server and leave the realm of installation sources. It does not matter where the installation source is located on your disk. The directory is just an example. As apache2 in the default configuration does not follow symlinks and especially does not follow symlinks outside of the document root placing the packages in /srv and make /usr/src/packages a link is the better choice. Henne -- Henne Vogelsang, Core Services "Rules change. The Game remains the same." - Omar (The Wire)
On Fri, Apr 28, 2006 at 01:33:28PM +0200, Henne Vogelsang wrote:
If you read the rest, I hope you understand I have the same sentiment. However for you the HTTP as an example makes sence. For me using /usr/src/packages/RPMS makes more sence, because that is where these things are.
Ok then just use that as example directory.
OK.
And still I am curious what is better. Place them in /usr and symlink to /srv or place them in /srv and symlink to /usr
This is were you step in the realm of an installation server and leave the realm of installation sources. It does not matter where the installation source is located on your disk. The directory is just an example.
I understand that. It is also nice to have a functional and usable directory. I know that I can use /some/radom/directory as well.
As apache2 in the default configuration does not follow symlinks and especially does not follow symlinks outside of the document root placing the packages in /srv and make /usr/src/packages a link is the better choice.
I would disagree, becaus ethen you will have the same dat two times on your HD. If you also want it with FTP, perhaps three times. Don't worry, I have no intention in adding a Apache-Howto to the page. If the explanation is longer then one line, a link to the apropriate place will be used. To know where to link to and to know what to put in that link, it wuld be nice to have the correct info. :-) houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau
On Tuesday 25 April 2006 22:06, Joachim Werner wrote:
as promised some time ago, I have updated opensuse.org with information on how we are securing installation sources from SUSE Linux 10.1 on.
There are some additions on
http://www.opensuse.org/Installation_Sources
and a new page at
http://www.opensuse.org/Secure_Installation_Sources
These pages will be updated as soon as I have more details on how you can generate your own secure sources.
I was wondering, is rug/zen supposed to support "real" YaST sources? Is this repodevelopment related to this bug? https://bugzilla.novell.com/show_bug.cgi?id=168358 cb400f
participants (6)
-
Christoph Thiel -
Henne Vogelsang -
houghi -
Joachim Werner -
Marcus Meissner -
Martin Schlander