Mailinglist Archive: opensuse-security (10 mails)

< Previous Next >
Re: [opensuse-security] RPM signature verification
On Thu, Oct 06, 2016 at 06:56:50AM -0400, Anton Aylward wrote:
On 10/06/2016 02:53 AM, Marcus Meissner wrote:


New libzypp versions can however check RPM signatures instead of repository
signatures.

You say "CAN".

a) when you say 'new', what version does that feature start with

b) is that something you set in the config file, the command line for the CLI,
or a check-box in Yast?

In the zypp.conf file, and overwritten in the repository configs.

According to the changelog it was added in libzypp 15.2.0

- zypp.conf: Add config values for gpgcheck, repo_gpgcheck
and pkg_gpgcheck. The default behavior 'gpgcheck=On' will
automatically turn on the gpg signature check for packages
downloaded from repository with unsigned metadata. If the
repo metadata are signed, a faster comparison via checksums
is done. By explicitly setting repo_gpgcheck or pkg_gpgcheck
you can enforce the signature check of repository metadata
or downloaded packages to be always performed. Those defaults
can be overwritten per repository. (FATE#314603)
- version 15.2.0 (2)

So appeared with openSUSE Leap 42.1.

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups