[OE-core] [PATCH v2] lib/oe/package_manager.py (rpm): Allow use of non-signed packages

Otavio Salvador otavio.salvador at ossystems.com.br
Mon Oct 2 14:34:40 UTC 2017


On Mon, Oct 2, 2017 at 11:25 AM, Alexander Kanavin
<alexander.kanavin at linux.intel.com> wrote:
> On 10/02/2017 05:18 PM, Otavio Salvador wrote:
>>
>> When we wish to use the package feed for local development, it does
>> not use GPG signed feeds by default but dnf uses package signature
>> check. We need to configure the GPG signature check out so it works
>> out of the box.
>>
>> With this patch, installing non-signed packages works:
>>
>> $: dnf install <package>
>
>
> This patch is still wrong, and for the exact same reasons. You didn't change it
> at all compared to v1! I already spelled the reasons out, so I can repeat
> them quickly:
>
> The patch adds 'gpgcheck=0' when repo feed signing is disabled, which will
> also disable package verification at runtime, ignoring the altogether
> different build setting controlling that. As I've already explained to you,
> package signing and feed signing are two different things, with their own
> sets of options.
>
> Test case:
>
> - enable package signing, disable package feed signing, check that the
> resulting dnf.conf file has package verification enabled (it won't).

It does not work as you are explaining. Without this patch I /need/ to use:

dnf install --nogpgcheck nano

to install nano. dnf has it enabled.

root@qemux86-64:~# grep gpg /etc/dnf/dnf.conf
gpgcheck=1



-- 
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750
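
The test case discussed in this thread, written as an added audit script (not part of the original message or of OE-core). It assumes dnf's documented behaviour that `gpgcheck` controls package signature checks, `repo_gpgcheck` controls repository metadata checks, both default to off, and a repo section overrides `[main]`; the repo id `local-feed`, the URL and the function names are constructed for illustration.

```python
import configparser

# Constructed sample files; only the gpgcheck=1 line mirrors the thread.
DNF_CONF = "[main]\ngpgcheck=1\n"
REPO_FILE = (
    "[local-feed]\n"
    "baseurl=http://example.invalid/rpm\n"
    "gpgcheck=0\n"
)
TRUTHY = {"1", "yes", "true", "on"}


def effective_settings(main_text, repo_text):
    """Return {repo_id: {option: bool}}, with repo values overriding [main]."""
    main = configparser.ConfigParser(interpolation=None)
    main.read_string(main_text)
    repos = configparser.ConfigParser(interpolation=None)
    repos.read_string(repo_text)
    result = {}
    for repo_id in repos.sections():
        result[repo_id] = {}
        for key in ("gpgcheck", "repo_gpgcheck"):
            inherited = main.get("main", key, fallback="0")  # dnf default: off
            raw = repos.get(repo_id, key, fallback=inherited)
            result[repo_id][key] = raw.strip().lower() in TRUTHY
    return result


def audit(main_text, repo_text, package_signing, feed_signing):
    """Report where the dnf config disagrees with the build's signing settings.

    package_signing and feed_signing are the two independent build settings;
    each is compared only against its own dnf option.
    """
    expected = {"gpgcheck": package_signing, "repo_gpgcheck": feed_signing}
    findings = []
    for repo_id, eff in effective_settings(main_text, repo_text).items():
        for key, want in expected.items():
            if eff[key] != want:
                findings.append(
                    f"{repo_id}: {key}={int(eff[key])}, build expects {int(want)}"
                )
    return findings


if __name__ == "__main__":
    # Packages signed, feed unsigned, repo file carries gpgcheck=0.
    for line in audit(DNF_CONF, REPO_FILE, True, False):
        print(line)
```
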


