On Fri, May 05, 2006 at 11:51:19PM +0200, Marcel Hilzinger wrote:
> Am Dienstag, 2. Mai 2006 12:43 schrieb houghi:
>
> > I still get the same error. I now have:
> > #Remove keys in content
> > grep -v ^META $CD_DIR/content > $CD_DIR/content.bak
> > mv $CD_DIR/content.bak $CD_DIR/content
> > grep -v ^KEY $CD_DIR/content > $CD_DIR/content.bak
> > mv $CD_DIR/content.bak $CD_DIR/content
>
> Does all content have to be signed by the same key? If not, why do you resign
> also files, which content did not change (e.g. selection files)?
Mainly lazyness. Otherwise I would also have to check wich files are
changed and wich ones are not, making it more complicating then needed, I
think.
For me it is easier to just sign all, instead of just some and some not.
The reason that I rather do all is that way I won't forget anything. :-)
> > #Set the key
> > LOCAL_KEY=`gpg --list-secret-keys|grep "^sec"|sed -e
> > 's/.*\///;s/.*//g;'|head -n 1` gpg --export -a >
> > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc
>
> This gives a file like gpg-pubkey-6344CBC1.asc
> But on the CDs the keys look like this:
>
> gpg-pubkey-9c800aca-40d8063e.asc
I know. No idea wether this is relevant. How do I get a key as above?
> > # Sign files in /suse/setup/descr/
> > for FILE in `ls $CD_DIR/suse/setup/descr/`
> > do
> > echo "META SHA1 $(cd $CD_DIR/suse/setup/descr/ && sha1sum
> > ${FILE})" >> $CD_DIR/content done
> > #Sign *.asc files
> > for FILE in `ls $CD_DIR|grep ^gpg-pubkey*`
> > do
> > echo "KEY SHA1 $(cd $CD_DIR && sha1sum ${FILE})">>
> > $CD_DIR/content done
> Here the same question: is it neccessary to resign all the files? Or would it
> be enough to sign only the files makeSuSEdvd changed?
Same answer. You might gain time, but loose simplicity. (Unless there is a
reason that it won't work otherwise)
> Btw:
> gpg --detach-sign -u $LOCAL_KEY -a $CD_DIR/media.1/products
>
> creates products.sig not products.asc on my SL 9.3
Without the -a it does. With the -a it makes a products.asc
[EMAIL PROTECTED] : touch test
[EMAIL PROTECTED] : l test*
-rw------- 1 houghi users 6523 2006-04-30 20:13 test
[EMAIL PROTECTED] : gpg --detach-sign -u 70660424 test
[EMAIL PROTECTED] : l test*
-rw------- 1 houghi users 6523 2006-04-30 20:13 test
-rw-r--r-- 1 houghi users 280 2006-05-06 00:10 test.sig
[EMAIL PROTECTED] : gpg --detach-sign -u 70660424 -a test
[EMAIL PROTECTED] : l test*
-rw------- 1 houghi users 6523 2006-04-30 20:13 test
-rw-r--r-- 1 houghi users 481 2006-05-06 00:11 test.asc
-rw-r--r-- 1 houghi users 280 2006-05-06 00:10 test.sig
Or at least that is how it should be. I don't have a 9.3 installed, so I
can't verify. Anybody else?
houghi
--
Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es
ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk
und Arbeit, und das Sein wichtiger als das Tun
- Johannes Müller-Elmau
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
