[opensuse-packaging] Yast not adding repository key
Hello! I'm having some troubles creating a package repository to be imported via zypper/yast. I'm able to build RPMs, sign them, produce repodata directory and sign the repomd.xml file. The files: "filelists.xml.gz", "other.xml.gz", "primary.xml.gz", "repomd.xml", "repomd.xml.asc", "repomd.xml.key" are present. The problem arises when I try to add my repo in yast. Upon refresh it complains that repomd.xml is signed with unknown key and that "a trust relationship to the creator of the file cannot be established ". However, as I've stated above, repomd.xml.key file is present in the repodata directory. Is this the file it's supposed to be looking for or am I wrong? Consequently if I continue and add my repo no key is added, like it does say for a Packman repo, and thus package verification fails upon installation. Adding the key manually through yast of with rpm --import fixes the problem. - What am I missing? - What do I have to do for yast to start recognizing the key and offer me to import it? - Is it sane to offer our users to import the key manually? - Any resource to read upon this topic? Some extra info: - Not using OBS for internal reasons. Company policy. - My key is not itself signed, so there is no chain of trust. (I this important in my case?) Any input highly appreciated. Thanks! -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
I've figured it out! The repomd.xml.asc file contained a message part and not just the key. I've removed the message and now it works. Sorry for bothering you =) On 12/6/18 12:42 PM, Jurijs Klopovskis wrote:
Hello!
I'm having some troubles creating a package repository to be imported via zypper/yast.
I'm able to build RPMs, sign them, produce repodata directory and sign the repomd.xml file. The files: "filelists.xml.gz", "other.xml.gz", "primary.xml.gz", "repomd.xml", "repomd.xml.asc", "repomd.xml.key" are present.
The problem arises when I try to add my repo in yast. Upon refresh it complains that repomd.xml is signed with unknown key and that "a trust relationship to the creator of the file cannot be established ". However, as I've stated above, repomd.xml.key file is present in the repodata directory. Is this the file it's supposed to be looking for or am I wrong?
Consequently if I continue and add my repo no key is added, like it does say for a Packman repo, and thus package verification fails upon installation. Adding the key manually through yast of with rpm --import fixes the problem.
- What am I missing?
- What do I have to do for yast to start recognizing the key and offer me to import it?
- Is it sane to offer our users to import the key manually?
- Any resource to read upon this topic?
Some extra info:
- Not using OBS for internal reasons. Company policy.
- My key is not itself signed, so there is no chain of trust. (I this important in my case?)
Any input highly appreciated.
Thanks!
-- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
participants (1)
-
Jurijs Klopovskis