On 10/02/2017 05:18 PM, Otavio Salvador wrote:
When we wish to use the package feed for local development, it does
not uses GPG signed feeds by default but dnf uses package signature
check. We need to configure the GPG signature check out so it works
out of box.
With this patch, installing non-signed packages works:
$: dnf install <package>
This patch is still wrong, and for exact same reasons. You didn't change
it at all compared to v1! I already spelled the reasons out, so I can
repeat them quickly:
The patch adds 'gpgcheck=0' when repo feed signing is disabled, which
will also disable package verification at runtime, ignoring the
altogether different build setting controlling that. As I've already
explained to you, package signing and feed signing are two different
things, with their own sets of options.
Test case:
- enable package signing, disable package feed signing, check that the
resulting dnf.conf file has package verification enabled (it won't).
Alex
--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
