I'm having some troubles creating a package repository to be imported
I'm able to build RPMs, sign them, produce repodata directory and sign
the repomd.xml file. The files: "filelists.xml.gz", "other.xml.gz",
"primary.xml.gz", "repomd.xml", "repomd.xml.asc", "repomd.xml.key" are
The problem arises when I try to add my repo in yast. Upon refresh it
complains that repomd.xml is signed with unknown key and that "a trust
relationship to the creator of the file cannot be established ".
However, as I've stated above, repomd.xml.key file is present in the
repodata directory. Is this the file it's supposed to be looking for or
am I wrong?
Consequently if I continue and add my repo no key is added, like it does
say for a Packman repo, and thus package verification fails upon
installation. Adding the key manually through yast of with rpm --import
fixes the problem.
- What am I missing?
- What do I have to do for yast to start recognizing the key and offer
me to import it?
- Is it sane to offer our users to import the key manually?
- Any resource to read upon this topic?
Some extra info:
- Not using OBS for internal reasons. Company policy.
- My key is not itself signed, so there is no chain of trust. (I this
important in my case?)
Any input highly appreciated.
To unsubscribe, e-mail: opensuse-packaging+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-packaging+owner(a)opensuse.org