Hello,

I see numerous mails where mdk users want to check the GPG signatures of packages downloaded via urpmi before installing them. I don't know why this is still not implemented, but today I looked at the urpmi script and added 4 lines and voilà, before installing, urpmi checks the signature..

The patch is attached, but I know this is a dirty patch: it checks the signature only before install & upgrade, cannot stop the install process if the signature is not OK, etc. This is only an idea for the urpmi developers :)

P.S.: of course, I patched the latest urpmi package: urpmi-3.3-22mdk

cheers
--
--- /usr/sbin/urpmi.ORIG Thu Mar 21 13:51:27 2002
+++ /usr/sbin/urpmi Thu Mar 21 14:35:36 2002
@@ -387,7 +387,10 @@
}
} else {
if (@rpms_install) {
- system("rpm", "-i$rpm_opt", "--nodeps", @rpms_install, ($root ? ("--root",
$root) : ()));
+ print "checking GPG signature..\n";
+ system("rpm", "-K", @rpms_upgrade, ($root ? ("--root", $root) : ()));
+
+ system("rpm", "-i$rpm_opt", "--nodeps", @rpms_install, ($root ? ("--root",
+$root) : ()));
if (@$_) {
message(_("Installation failed"));
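Review bot: in the install branch the added check runs `rpm -K` on `@rpms_upgrade`, not `@rpms_install`, so the packages handed to `rpm -i` on the following line are never verified; pass `@rpms_install` to the `-K` call here. The return value of that `system("rpm", "-K", ...)` call is also discarded, so even with the right list a failed check would not prevent the `rpm -i` that follows.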
@@ -407,7 +410,10 @@
}
}
if (@rpms_upgrade) {
- system("rpm", "-U$rpm_opt", @rpms_upgrade, ($root ? ("--root", $root) :
()));
+ print "checking GPG signature..\n";
+ system("rpm", "-K", @rpms_upgrade, ($root ? ("--root", $root) : ()));
+
+ system("rpm", "-U$rpm_opt", @rpms_upgrade, ($root ? ("--root", $root) : ()));
if ($?) {
message(_("Installation failed"));
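Review bot: the status of `system("rpm", "-K", @rpms_upgrade, ...)` is never tested, so `rpm -U` runs regardless of what the check reported and the result only scrolls past on the terminal. Test `$?` immediately after the `-K` call and skip the upgrade with an error message when it is non-zero; the existing `if ($?)` below only sees the status of `rpm -U`. The progress line would also fit better through the script's `message(_(...))` helper than a bare `print`, so that it is translated like the other messages.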
