[OE-core] [PATCH v2] lib/oe/package_manager.py (rpm): Allow use of non-signed packages
Alexander Kanavin
alexander.kanavin at linux.intel.com
Mon Oct 2 14:25:00 UTC 2017

On 10/02/2017 05:18 PM, Otavio Salvador wrote:
> When we wish to use the package feed for local development, it does
> not use GPG signed feeds by default but dnf uses package signature
> check. We need to configure the GPG signature check out so it works
> out of the box.
>
> With this patch, installing non-signed packages works:
>
> $: dnf install <package>

This patch is still wrong, and for the exact same reasons. You didn't change
it at all compared to v1! I already spelled the reasons out, so I can
repeat them quickly:

The patch adds 'gpgcheck=0' when repo feed signing is disabled, which
will also disable package verification at runtime, ignoring the
altogether different build setting controlling that. As I've already
explained to you, package signing and feed signing are two different
things, with their own sets of options.

Test case:
- enable package signing, disable package feed signing, check that the
resulting dnf.conf file has package verification enabled (it won't).

Alex
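
The test case above, written out as a check. This is an added example, not code from the patch or from OE-core: the function names, the repo name and the feed URL are hypothetical, and it assumes dnf's `gpgcheck` option for package verification and `repo_gpgcheck` for repository metadata verification.

```python
import configparser

def render_repo(name, baseurl, package_signing, feed_signing, coupled=False):
    """Render a dnf repo stanza from two independent build settings.

    coupled=True models the behaviour criticised above: gpgcheck follows
    the feed-signing setting instead of the package-signing setting.
    """
    gpgcheck = feed_signing if coupled else package_signing
    return "\n".join([
        f"[{name}]",
        f"name={name}",
        f"baseurl={baseurl}",
        f"gpgcheck={int(gpgcheck)}",           # package signature verification
        f"repo_gpgcheck={int(feed_signing)}",  # repo metadata verification
    ]) + "\n"

def read_checks(conf_text):
    """Return {section: (gpgcheck, repo_gpgcheck)} parsed from the config text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return {s: (cp.getboolean(s, "gpgcheck"), cp.getboolean(s, "repo_gpgcheck"))
            for s in cp.sections()}

def mismatches(package_signing, feed_signing, coupled):
    """Compare the rendered config with the build settings it came from."""
    # Constructed sample values: repo name and feed location are placeholders.
    conf = render_repo("oe-local", "file:///constructed/feed",
                       package_signing, feed_signing, coupled)
    problems = []
    for section, (pkg, repo) in read_checks(conf).items():
        if pkg != package_signing:
            problems.append(f"{section}: gpgcheck={int(pkg)} but package "
                            f"signing is {'on' if package_signing else 'off'}")
        if repo != feed_signing:
            problems.append(f"{section}: repo_gpgcheck={int(repo)} but feed "
                            f"signing is {'on' if feed_signing else 'off'}")
    return problems

if __name__ == "__main__":
    # Signed packages, unsigned feed: the case from the test case above.
    for coupled in (True, False):
        print("coupled" if coupled else "independent",
              mismatches(True, False, coupled) or "ok")
```
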