[opensuse-project] new security checks of the installation media for 11.1
I'm the present maintainer of makeSUSEdvd[0] and am trying to figure out what's changed between the release of 11.1a2 and 11.1 that results in broken ISOs. Previously, makeSUSEdvd was able to take the contents of any of the release DVDs, allow extra packages/patterns to be added and, after the contents file was updated and signed, would create a bootable ISO that allowed installation without complaints. However, there was a change somewhere between alpha 2 and gold master, and this is no longer the case. Now, although the contents file on the DVD is signed, the installation routines check the contents file on the new image, claim it isn't signed and so aborts the installation. So, if anyone has any helpful pointers as to what needs to be done to satisfy the new 11.1 security checks, they would be most helpful. [0] built packages are here: <URL:http://download.opensuse.org/repositories/home:/davjam79/openSUSE_11.1/noarch/> <URL:http://download.opensuse.org/repositories/home:/davjam79/openSUSE_11.0/noarch/> <URL:http://download.opensuse.org/repositories/home:/davjam79/openSUSE_10.3/noarch/> Regards, David Bolt -- Team Acorn: http://www.distributed.net/ OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s | openSUSE 10.3 32b | openSUSE 11.0 32b | openSUSE 10.2 64b | openSUSE 10.3 64b | openSUSE 11.0 64b | openSUSE 11.1 64b TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.6 | RISC OS 3.11 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Tue, Jan 06, 2009 at 01:29:56PM +0000, David Bolt wrote:
I'm the present maintainer of makeSUSEdvd[0] and am trying to figure out what's changed between the release of 11.1a2 and 11.1 that results in broken ISOs.
Previously, makeSUSEdvd was able to take the contents of any of the release DVDs, allow extra packages/patterns to be added and, after the contents file was updated and signed, would create a bootable ISO that allowed installation without complaints.
However, there was a change somewhere between alpha 2 and gold master, and this is no longer the case. Now, although the contents file on the DVD is signed, the installation routines check the contents file on the new image, claim it isn't signed and so aborts the installation.
So, if anyone has any helpful pointers as to what needs to be done to satisfy the new 11.1 security checks, they would be most helpful.
It would help to see the error messages and logs from YaST or Linuxrc that you get, and also the contents of your DVD (at least ls -lR if you cannot host the entire thing). If you make a bugzilla entry for yourself, (product opensuse.org, component 3rd party sw), we can use attachments and invite people who are not on this list. -- Martin Vidner, YaST developer http://en.opensuse.org/User:Mvidner Kuracke oddeleni v restauraci je jako fekalni oddeleni v bazenu -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Thu, 8 Jan 2009, Martin Vidner wrote:- <snip> With the help of some posts made in the "Signing a dud" thread in the opensuse-factory mailing list, I found the problem. I made the mistake of adding the keys to the pubring.gpg key-ring and then adding that to initrd, assuming that all the key-rings contained within the initrd would be imported as they had been previously. The fix was to add the keys to the installkey.gpg key-ring inside the initrd. Regards, David Bolt -- Team Acorn: http://www.distributed.net/ OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s | openSUSE 10.3 32b | openSUSE 11.0 32b | openSUSE 10.2 64b | openSUSE 10.3 64b | openSUSE 11.0 64b | openSUSE 11.1 64b TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.6 | RISC OS 3.11 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Tue, 13 Jan 2009, David Bolt wrote:-
On Thu, 8 Jan 2009, Martin Vidner wrote:-
<snip>
With the help of some posts made in the "Signing a dud" thread in the ^^^^^^^^^^^^^^^ That should read "How to sign a dud?"
Regards, David Bolt -- Team Acorn: http://www.distributed.net/ OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s | openSUSE 10.3 32b | openSUSE 11.0 32b | openSUSE 10.2 64b | openSUSE 10.3 64b | openSUSE 11.0 64b | openSUSE 11.1 64b TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.6 | RISC OS 3.11 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
participants (2)
-
David Bolt -
Martin Vidner