'[suse-autoinstall] Adding ZYPP repositories at install time'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-autoinstall
Subject:    [suse-autoinstall] Adding ZYPP repositories at install time
From:       Ian Grant <Ian.Grant () cl ! cam ! ac ! uk>
Date:       2006-09-15 11:59:51
Message-ID: 20060915125951.6998a4c3.Ian.Grant () cl ! cam ! ac ! uk
[Download RAW message or body]

This is a little OT but I don't know where else to ask.

In an autoyast script, how can I add a trusted key that rug/yast will use to verify \
signed ZYPP repositories?

I am trying to add ZYPP repositories in an autoinstall script. (I can do it manually \
using YaST 'Installation Sources' and it asks me if I want to trust the key used to \
sign the repository. But I don't want to have to do this manually every time I \
install a machine.)

The repository is one I have created myself using createrepo and signed as described \
here:

http://en.opensuse.org/Secure_Installation_Sources#The_.22repomd.22_or_.22YUM.22_format


To sign the repository I 'cd' to the  top-level directory and ran

     gpg -a -u rpm-packager --detach-sign repodata/repomd.xml
     gpg -a --export rpm-packager > repodata/repomd.xml.key

So I have the key in repodata/repomd.xml.key

On the new machine (in an autoyast  post-init script) I want to add the key to the \
rug keyring. I have tried

gpg --homedir /root/.gnupg \
    --import repodata/repomd.xml.key

to add it to root's keyring, and I have tried adding the key to the zmd whitelist \
using 

rug ka packager 68C0D40964D6D632 "6E55 E6C6 8A0D 5557 C10D  571B 68C0 D409 64D6 D632"

But neither work. When I run

rug --quiet sa -t zypp \
     nfs://repo.host/path/suse-10.1/extras \
     SUSE-10.1-extras

I get an error 'parsing metadata: Untrusted key rpm-packager ... (I am paraphrasing, \
I don't have a copy of the message and can't reproduce it without re-installing.)

However, if I delete an installation source added using YaST 'Installation Source' \
graphical tool and then run the above 'rug sa' command it works, presumably because \
the key has been kept.

-- 
To unsubscribe, e-mail: suse-autoinstall-unsubscribe@suse.com
For additional commands, e-mail: suse-autoinstall-help@suse.com


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic