Slackware This Forum is for the discussion of Slackware Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
07-31-2014, 01:18 AM
|
#1
|
Member
Registered: Aug 2005
Location: France
Distribution: Slackware64 current
Posts: 82
Rep:
|
gen_repos_files doesn't use the repo's owner GPG key to sign packages
Hi
Following the tips from a few thread here at LQ and AlienBob's blog, I set up a repository for my own slackware packages, using AlienBob gen_repos_files.sh script.
Unfortunately, slackpkg kept complaining about my repo failing the CHECKSUMS gpg check.
I dig a little and I found out that although the script generates the repo's GPG-KEY from the REPOSOWNERGPG variable, it did not use to it to sign the packages and the CHECKSUMS.md5 file.
When you don't specify the key to use, gpg uses the first one in your keyring. If that's your repo's gpg key, all is fine. But my repo's gpg key is actually second in my keyring...
Here's my proposed patch to add -u "$REPOSOWNERGPG" to the gpg command.
Cheers
|
|
|
07-31-2014, 02:01 AM
|
#2
|
Member
Registered: Oct 2009
Location: Italy
Distribution: Slackware
Posts: 983
|
Use slackpkg+ that allow you to use repositories not signed with slackware key
|
|
|
07-31-2014, 02:49 AM
|
#3
|
Member
Registered: Aug 2005
Location: France
Distribution: Slackware64 current
Posts: 82
Original Poster
Rep:
|
Hi
I do use slackpkg+
Since both AlienBob's gen_repos_files.sh can sign the repository and slackpkg+ can check it, I wish to fully set up my repository, including signing it with my own gpg key to pass the slackpkg+ check.
The only glitch I encountered was that the key used by gen_repos_files.sh to sign the packages wasn't the one I want to use because it isn't the first in my gpg keyring.
On a second system where the gpg key for my repository is the first in the keyring, I didn't encountered this problem.
Cheers
|
|
|
07-31-2014, 03:02 AM
|
#4
|
Member
Registered: Oct 2009
Location: Italy
Distribution: Slackware
Posts: 983
|
ah, ok.
|
|
|
07-31-2014, 05:33 AM
|
#5
|
Senior Member
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,791
|
You can specify a different key by passing a parameter. I used it for MSB repo and it worked
|
|
|
07-31-2014, 10:14 AM
|
#6
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
Still I think it is a good proposal so I will implement it.
Eric
|
|
|
07-31-2014, 12:01 PM
|
#7
|
Senior Member
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,791
|
Ohh i have used that actually..
Sorry, i didn't look at the patch previously
|
|
|
08-01-2014, 02:34 AM
|
#8
|
Member
Registered: Aug 2005
Location: France
Distribution: Slackware64 current
Posts: 82
Original Poster
Rep:
|
Hi
"Solved" in Revision 1.92
Thanks Eric!
Cheers
|
|
|
All times are GMT -5. The time now is 06:37 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|