Packman and certificates
If I download a package from Packman and install it directly, I get this warning:
libvo-amrwbenc0-0.1.3-pm151.1.4.x86_64 (Plain RPM files cache): Signature verification failed [4-Signatures public key is not available]
Of course if I add the repository this is all managed. But if I want to just install the RPM direct, is there a package with the certificates that I can install so this message is not given?
-- Roger Oberholtzer
On 31/05/2021 09.54, Roger Oberholtzer wrote:
If I download a package from Packman and install it directly, I get this warning:
libvo-amrwbenc0-0.1.3-pm151.1.4.x86_64 (Plain RPM files cache): Signature verification failed [4-Signatures public key is not available]
Of course if I add the repository this is all managed. But if I want to just install the RPM direct, is there a package with the certificates that I can install so this message is not given?
Now, this is an interesting question.
I just looked at man zypper, and did not find a way to export gpg keys, with the intention to import them again on rpm command.
There is "/var/cache/zypp/pubkeys/", but it is empty.
Of course, if you know the identifier of a key and it is published, you could download it from the gpg servers.
rpm has the command "rpmkeys" to handle keys. --import and --checksig, that's all.
display imported keys:
rpm -qa gpg-pubkey*
But it does not say who each key belongs to. Ah, "rpm -qi key", with a key obtained in the previous command, gives info on the key and displays the key block itself. And "rpm -qf key" tries to print where the key is saved:
Telcontar:/var/cache/zypp # rpm -qf gpg-pubkey-eefefde9-58999f26
error: file /var/cache/zypp/gpg-pubkey-eefefde9-58999f26: No such file or directory
Telcontar:/var/cache/zypp #
Telcontar:/var/cache/zypp # ls /var/cache/zypp/gpg-pubkey*
ls: cannot access '/var/cache/zypp/gpg-pubkey*': No such file or directory
cer@Telcontar:~> zypper search --installed-only gpg-pubkey*
Loading repository data...
Reading installed packages...
No matching items found.
cer@Telcontar:~>
There is "openSUSE-build-key" package, though (Summary: The public gpg keys for rpm package signature verification). It contains:
/usr/lib/rpm/gnupg
/usr/lib/rpm/gnupg/dumpsigs
/usr/lib/rpm/gnupg/keys
/usr/lib/rpm/gnupg/keys/gpg-pubkey-307e3d54-5aaa90a5.asc
/usr/lib/rpm/gnupg/keys/gpg-pubkey-39db7c82-5847eb1f.asc
/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc
/usr/share/doc/packages/openSUSE-build-key
/usr/share/doc/packages/openSUSE-build-key/security_at_suse_de.asc
/usr/share/doc/packages/openSUSE-build-key/security_at_suse_de_old.asc
So, /usr/lib/rpm/gnupg/keys contains keys. Three keys in my case.
-- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
:| On 5/31/21 5:23 AM, Carlos E. R. wrote:
On Mon, 31 May 2021 09:54:40 +0200, Roger Oberholtzer wrote:
Of course if I add the repository this is all managed. But if I want to just install the RPM direct, is there a package with the certificates that I can install so this message is not given?
# curl -RLO http://ftp.fau.de/packman/suse/openSUSE_Leap_15.1/repodata/repomd.xml.key
# gpg --show-key repomd.xml.key
# rpm --import repomd.xml.key
Olaf
On Mon, May 31, 2021 at 11:02 PM Olaf Hering wrote:
On Mon, 31 May 2021 09:54:40 +0200, Roger Oberholtzer wrote:
Of course if I add the repository this is all managed. But if I want to just install the RPM direct, is there a package with the certificates that I can install so this message is not given?
# curl -RLO http://ftp.fau.de/packman/suse/openSUSE_Leap_15.1/repodata/repomd.xml.key
# gpg --show-key repomd.xml.key
# rpm --import repomd.xml.key
I think it worked. The gpg command, which I guess is just checking the
key file, seems to have a slightly different syntax. It listed the
following (but still seemed to accept the file contents):
# gpg --show-key repomd.xml.key
gpg: WARNING: "--show-keyring" is a deprecated option
gpg: please use "--list-options show-keyring" instead
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa4096 2006-09-18 [SC] [expires: 2024-09-12]
F8875B880D518B6B8C530D1345A1D0671ABD1AFB
uid PackMan Project (signing key)
Olaf
-- Roger Oberholtzer
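The key file in the commands above is fetched over plain HTTP, so the import is only as trustworthy as a fingerprint comparison made before it. The script below is an added example, not from any poster in this thread: it refuses to import unless the file holds exactly one key whose fingerprint equals the one printed above. The function names are hypothetical, and it assumes a GnuPG that has `--show-keys` (2.2 or later).

```shell
#!/bin/sh
# Added example, not from the thread: pin the signing key before `rpm --import`.
# EXPECTED_FPR is the fingerprint gpg printed above; confirm it through a
# channel other than the mirror the key file came from.
EXPECTED_FPR="F8875B880D518B6B8C530D1345A1D0671ABD1AFB"

# Constructed sample of `gpg --with-colons` output, trimmed to the two record
# types the parser reads (real listings carry more fields and a uid record).
SAMPLE_LISTING='pub:-:4096:1:45A1D0671ABD1AFB:1158537600:::-:::scESC:
fpr:::::::::F8875B880D518B6B8C530D1345A1D0671ABD1AFB:'

# Print the fingerprint of every primary key in a colon listing on stdin:
# the first "fpr" record after each "pub" record, field 10.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             want && $1 == "fpr" { print $10; want = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key and its
# fingerprint equals $1 (case and spaces ignored). rpm --import may add every
# key in the file, so a second key counts as a mismatch.
only_key_is() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    got=$(primary_fprs)
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Check the key file, import it, then verify the package signature.
import_pinned_key() {
    keyfile=$1
    rpmfile=$2
    if gpg --show-keys --with-colons "$keyfile" | only_key_is "$EXPECTED_FPR"; then
        rpm --import "$keyfile" && rpm --checksig "$rpmfile"
    else
        echo "refusing to import $keyfile: fingerprint check failed" >&2
        return 1
    fi
}

# Run only when invoked as: sh script.sh KEYFILE RPMFILE
if [ "$#" -eq 2 ]; then
    import_pinned_key "$1" "$2"
fi
```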
Stored in: /var/cache/raw/REPOALIAS/repodata
Stephan
On Tuesday, 1 June 2021, 10:12:48 CEST, Roger Oberholtzer wrote:
On Mon, May 31, 2021 at 11:02 PM Olaf Hering wrote:
On Mon, 31 May 2021 09:54:40 +0200, Roger Oberholtzer wrote:
Of course if I add the repository this is all managed. But if I want to just install the RPM direct, is there a package with the certificates that I can install so this message is not given?
# curl -RLO http://ftp.fau.de/packman/suse/openSUSE_Leap_15.1/repodata/repomd.xml.key
# gpg --show-key repomd.xml.key
# rpm --import repomd.xml.key
I think it worked. The gpg command, which I guess is just checking the key file, seems to have a slightly different syntax. It listed the following (but still seemed to accept the file contents):
# gpg --show-key repomd.xml.key
gpg: WARNING: "--show-keyring" is a deprecated option
gpg: please use "--list-options show-keyring" instead
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa4096 2006-09-18 [SC] [expires: 2024-09-12]
F8875B880D518B6B8C530D1345A1D0671ABD1AFB
uid PackMan Project (signing key)
I tried the suggested --list-options show-keyring, but then I got:
# gpg --list-options show-keyring repomd.xml.key
gpg WARNING: no command supplied. Trying to guess what you mean ...
pub rsa4096 2006-09-18 [SC] [expires: 2024-09-12]
F8875B880D518B6B8C530D1345A1D0671ABD1AFB
uid PackMan Project (signing key)
I'm not so familiar with the gpg command.
Olaf
* Carlos E. R. [06-01-21 20:05]:
On 01/06/2021 19.27, Stephan Hemeier wrote:
Stored in: /var/cache/raw/REPOALIAS/repodata
Stephan
I don't have that directory.
well, you actually do but the address is somewhat odd, look at:
/var/cache/zypp/raw/<repo><name>/repodata
-- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode
On 02/06/2021 03.45, Patrick Shanahan wrote:
* Carlos E. R. [06-01-21 20:05]:
On 01/06/2021 19.27, Stephan Hemeier wrote:
Stored in: /var/cache/raw/REPOALIAS/repodata
Stephan
I don't have that directory.
well, you actually do but the address is somewhat odd,
look at: /var/cache/zypp/raw/<repo><name>/repodata
Yes, that one exists. But he said "/var/cache/raw/...", and that one doesn't exist.
On the other hand, it is the "repo alias", not "repo name" which is used to name the directory. The alias can be seen in the output of "zypper lr --details".
-- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)