On Fri, 2010-11-12 at 12:05 +0100, Marcus Meissner wrote:
On Fri, Nov 12, 2010 at 11:39:09AM +0100, Roger Oberholtzer wrote:
On Fri, 2010-11-12 at 11:15 +0100, christian schmitt wrote:
On 11/12/2010 11:06 AM, Roger Oberholtzer wrote:
I am trying to run zypper in a non-interactive script. I have an issue with keys for repos I add and then use:
New repository or package signing key received: Key ID: CC7F07489591C39B Key Name: Application:Geo OBS Project <Application:Geo@build.opensuse.org> Key Fingerprint: 195E211106BC205D2A9C2222CC7F07489591C39B Repository: openSUSE BuildService - Application:Geo
Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): r Warning: Disabling repository 'openSUSE BuildService - Application:Geo' because of the above error.
I looked at the man page (the whole thing this time) and do not see (recognize) an option to tell zypper to accept the keys. It just takes the default option, which is to reject them. Is there a way yo have zypper accept them that can be enabled via the command line?
Hi,
found this in the man page.
--gpg-auto-import-keys If new repository signing key is found, do not ask what to do; trust and import it automatically. This option causes that the new key is imported also in non-interactive mode, where it would otherwise got rejected.
But I never used it.
That looks like the ticket. However, I should have mentioned that this needs to run on an out-of-the-box openSUSE 11.2 as well as newer. I only see this option:
--no-gpg-checks Ignore GPG check failures and continue. If a GPG issue occurs when using this option zypper prints and logs a warning and automatically continues without interrupting the operation. Use this option with caution, as you can easily overlook security problems by using it.
Maybe this is useful anyway. The key acceptance will wait for an interactive session.
You should only import the key once and then not use those insecure options.
The "import key once" step can be done non-automated.
The --no-gpg-checks seems to have achieved the desired result: I can add a repo and use it in a script. The repos are added permanently. By using --no-gpg-checks instead of --gpg-auto-import-keys in my script, the keys are only accepted in my script. They are not accepted for all time. I guess that is what you meant by "import key once"? -- Roger Oberholtzer OPQ Systems / Ramböll RST Ramböll Sverige AB Krukmakargatan 21 P.O. Box 17009 SE-104 62 Stockholm, Sweden Office: Int +46 10-615 60 20 Mobile: Int +46 70-815 1696 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org