LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 07-31-2014, 12:18 AM   #1
cendryon
Member
 
Registered: Aug 2005
Location: France
Distribution: Slackware64 current
Posts: 78

Rep: Reputation: 27
gen_repos_files doesn't use the repo's owner GPG key to sign packages


Hi

Following the tips from a few thread here at LQ and AlienBob's blog, I set up a repository for my own slackware packages, using AlienBob gen_repos_files.sh script.

Unfortunately, slackpkg kept complaining about my repo failing the CHECKSUMS gpg check.

I dig a little and I found out that although the script generates the repo's GPG-KEY from the REPOSOWNERGPG variable, it did not use to it to sign the packages and the CHECKSUMS.md5 file.
When you don't specify the key to use, gpg uses the first one in your keyring. If that's your repo's gpg key, all is fine. But my repo's gpg key is actually second in my keyring...

Here's my proposed patch to add -u "$REPOSOWNERGPG" to the gpg command.

Cheers
Attached Files
File Type: txt gen_repos_files-gpg_sign.patch.txt (638 Bytes, 33 views)
 
Old 07-31-2014, 01:01 AM   #2
zerouno
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 283

Rep: Reputation: 87
Use slackpkg+ that allow you to use repositories not signed with slackware key
 
Old 07-31-2014, 01:49 AM   #3
cendryon
Member
 
Registered: Aug 2005
Location: France
Distribution: Slackware64 current
Posts: 78

Original Poster
Rep: Reputation: 27
Hi

I do use slackpkg+
Since both AlienBob's gen_repos_files.sh can sign the repository and slackpkg+ can check it, I wish to fully set up my repository, including signing it with my own gpg key to pass the slackpkg+ check.
The only glitch I encountered was that the key used by gen_repos_files.sh to sign the packages wasn't the one I want to use because it isn't the first in my gpg keyring.
On a second system where the gpg key for my repository is the first in the keyring, I didn't encountered this problem.

Cheers
 
Old 07-31-2014, 02:02 AM   #4
zerouno
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 283

Rep: Reputation: 87
ah, ok.
 
Old 07-31-2014, 04:33 AM   #5
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 2,823

Rep: Reputation: 558Reputation: 558Reputation: 558Reputation: 558Reputation: 558Reputation: 558
You can specify a different key by passing a parameter. I used it for MSB repo and it worked
 
Old 07-31-2014, 09:14 AM   #6
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,709

Rep: Reputation: Disabled
Still I think it is a good proposal so I will implement it.

Eric
 
Old 07-31-2014, 11:01 AM   #7
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 2,823

Rep: Reputation: 558Reputation: 558Reputation: 558Reputation: 558Reputation: 558Reputation: 558
Ohh i have used that actually..

Sorry, i didn't look at the patch previously
 
Old 08-01-2014, 01:34 AM   #8
cendryon
Member
 
Registered: Aug 2005
Location: France
Distribution: Slackware64 current
Posts: 78

Original Poster
Rep: Reputation: 27
Hi

"Solved" in Revision 1.92

Thanks Eric!

Cheers
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh-add doesn't resolve "Agent admitted failure to sign using the key." jcope Linux - Newbie 1 06-21-2014 02:01 AM
GPG: Bad session key gpg between gpg on linux and gpg gui on windows XP konqi Linux - Software 1 07-21-2009 09:37 AM
Sign a JAR file with a GPG key? Wynd Programming 1 12-02-2007 08:21 PM
How to GPG sign packages ? hollywoodb Fedora 1 05-12-2007 02:50 PM
squirrelmail gpg plugin - can't sign mails phil.d.g General 3 05-29-2005 12:29 PM


All times are GMT -5. The time now is 07:14 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration