While working on a SLES10 image, I'm running into a problem where it's
ignoring my updates path, even though I've signed content and put the
key into the initrd file, and included the signature parts in the
profile:
My general section looks like:
<general>
<mode>
<confirm config:type="boolean">false</confirm>
<forceboot config:type="boolean">false</forceboot>
</mode>
<mouse>
<id>none</id>
</mouse>
true
true
true
true
</general>
but I still get "Can't find packages openafs, openafs-client,
openafs-devel" (Our builds of openafs) that are in updates, and y2log
shows:
2007-03-26 18:16:35 <0> 10.42.37.135(3306) [zypp] ExternalProgram.cc(checkStatus):333 pid 3816 successfully completed
2007-03-26 18:16:35 <1> 10.42.37.135(3306) [zypp::KeyRing] KeyRing.cc(verifyFileSignatureWorkflow):328 File [/var/tmp/TmpDir.CnJ7LU/DATA/content] ( /content (nfs://10.46.16.35/local/mnt/x86_64/sles10/updates) ) signed with unknown key []
2007-03-26 18:16:35 <1> 10.42.37.135(3306) [zypp::KeyRing] KeyRing.cc(verifyFileSignatureWorkflow):336 User does not want to accept unknown key
2007-03-26 18:16:35 <5> 10.42.37.135(3306) [base] Exception.cc(log):94 SuseTagsImpl.cc(downloadMetadata):261 THROW: SuseTagsImpl.cc(downloadMetadata):261: Error. Source signature does not validate and user does not want to continue.
2007-03-26 18:16:35 <0>
10.42.37.135(3306) [zypp] PathInfo.cc(_Log_Result):295 recursive_rmdir /var/tmp/TmpDir.CnJ7LU
2007-03-26 18:16:35 <0> 10.42.37.135(3306) [zypp] TmpPath.cc(~Impl):78 TmpPath cleaned up /var/tmp/TmpDir.CnJ7LU{d 0700 0/0}
2007-03-26 18:16:35 <5> 10.42.37.135(3306) [base] Exception.cc(log):94 SuseTagsImpl.cc(saveMetadataTo):339 THROW: SuseTagsImpl.cc(saveMetadataTo):339: Downloading metadata failed (is a susetags source?) or user did not accept remote source. Aborting refresh.
It explicitly says "User does not want to accept unknown key" which
isn't true. An almost identical setup for SLED10 is working (it's
updates path was create with create_update_source.sh from SLED10, the
above from the SLES10 version of the script).
The key also shouldn't show up as unknown (I would think) since it had
imported the key left in the initrd.
Also.. there seem to be tons of things missing from the dtd files so
that using xmllint --valid is basically useless because things like
signature_handling aren't even defined (nor are it's interior bits).
I have applied the sles10 root fix v.4 script too.
--
Mike Marion-Unix SysAdmin/Staff IT Engineer-http://www.qualcomm.com
Peggy: "12 years old and drinking a beer!?!"
Bobby: "I didn't even like it!"
Hank: "Well now you're just trying to get me mad!" ==> King of the Hill
--
To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org