[OE-core] [PATCH 2/2] lib/oe/package_manager.py (rpm): Allow use of non-signed feeds
Neal Gompa
ngompa13 at gmail.com
Mon Nov 6 05:04:34 UTC 2017
On Sun, Oct 1, 2017 at 6:01 PM, Otavio Salvador
<otavio.salvador at ossystems.com.br> wrote:
> On Sun, Oct 1, 2017 at 4:39 AM, Alexander Kanavin
> <alexander.kanavin at linux.intel.com> wrote:
>> On 09/30/2017 09:06 PM, Otavio Salvador wrote:
>>>
>>> When we wish to use the package feed for local development, it does
>>> not uses GPG signed feeds by default but dnf does. We need to
>>> configure the GPG signature check out so it works out of box.
>>>>
>>>> @@ -551,7 +551,7 @@ class RpmPM(PackageManager):
>>>
>>> if self.d.getVar('PACKAGE_FEED_SIGN') == '1':
>>> gpg_opts +=
>>> 'gpgkey=file://%s/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-%s-%s\n' %
>>> (self.d.getVar('sysconfdir'), self.d.getVar('DISTRO'),
>>> self.d.getVar('DISTRO_CODENAME'))
>>> else:
>>> - gpg_opts = ''
>>> + gpg_opts = 'gpgcheck=0\n'
>>>
>>
>>
>> Again, 'gpcheck' option has nothing to do with verifying signed package
>> feeds. NAK.
>
> Oh really? so tell me why it fixed my error?
>
> Without this patch I need to use:
>
> dnf install --nogpgcheck <pkg>
>
> and it is sub-optimal as I did not enabled signed support.
>
This logic is kind of dumb, but basically, this is how this works:
gpgcheck - controls pkg_gpgcheck and repo_gpgcheck. With gpgcheck=1,
DNF defaults to pkg_gpgcheck=1 and repo_gpgcheck=0, but if gpgcheck=0,
repo_gpgcheck is forced off.
pkg_gpgcheck (not currently working)
repo_gpgcheck - enable repo_gpgcheck, this is default to 0 (thus, disabled)
At some point, this needs to be fixed in libdnf and dnf so that the
options are saner...
--
真実はいつも一つ!/ Always, there's only one truth!
More information about the Openembedded-core
mailing list