Dear SUSE types,

How, using the command line, can I add a trusted key that rug/yast will use to 
verify signed ZYPP repositories?

I am trying to add ZYPP repositories in an autoinstall script. (I can do it 
manually using YaST 'Installation Sources' and it asks me if I want to trust 
the key used to sign the repository. But I don't want to have to do this 
manually on every machine.)

The repository is one I have created myself using createrepo and signed as 
described here:

http://en.opensuse.org/Secure_Installation_Sources#The_.22repomd.22_or_.22YUM.22_format

To sign the repository I 'cd' to the top-level directory and ran

     gpg -a -u rpm-packager --detach-sign repodata/repomd.xml
     gpg -a --export rpm-packager > repodata/repomd.xml.key

So I have the key in repodata/repomd.xml.key

On the new machine (in an autoyast post-init script) I want to add the key to 
the rug keyring. I have tried

gpg --homedir /root/.gnupg \
    --import repodata/repomd.xml.key

to add it to root's keyring, and I have tried adding the key to the zmd 
whitelist using 

rug ka packager 68C0D40964D6D632 \
    "6E55 E6C6 8A0D 5557 C10D  571B 68C0 D409 64D6 D632"

But neither works. When I run

rug --quiet sa -t zypp \
     nfs://repo.host/path/suse-10.1/extras \
     SUSE-10.1-extras

I get an error 'parsing metadata: Untrusted key rpm-packager ...' (I am 
paraphrasing, I don't have a copy of the message and can't reproduce it without 
re-installing.)

However, if I delete an installation source added using YaST 'Installation 
Source' graphical tool and then run the above 'rug sa' command it works, 
presumably because the key has been kept.

Anyone got any good ideas? Even some pointers about where in the source to 
look. libzypp, rug/zmd what?
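
An added example, not part of the original post: before an unattended install script hands a self-signed repository's key to any trust store, it can check that repodata/repomd.xml.key holds exactly the expected key and that the detached signature verifies against it. The function names are hypothetical; the fingerprint and key ID used to exercise it are the ones quoted in the post, and repomd.xml.asc is the file that `gpg -a --detach-sign` writes by default.

```shell
#!/bin/sh
# Added example: names below are hypothetical; paths follow the post.

# "6E55 E6C6 ..." -> "6E55E6C6...", the form gpg prints with --with-colons.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Long key ID = last 16 hex digits of a v4 key fingerprint.
keyid_of() {
    norm_fpr "$1" | sed 's/.*\(.\{16\}\)$/\1/'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# fingerprint of each primary key (the fpr record right after a pub record).
primary_fprs() {
    awk -F: '$1 == "pub" { p = 1; next }
             $1 == "fpr" && p { print $10; p = 0 }
             $1 == "sub" { p = 0 }'
}

# verify_repo REPO_DIR "PINNED FINGERPRINT"
# Succeeds only if repomd.xml.key holds exactly the pinned key and the
# detached signature over repomd.xml verifies against it.
verify_repo() {
    repo=$1
    want=$(norm_fpr "$2")
    tmp=$(mktemp -d) || return 1      # throwaway keyring, root's is untouched
    rc=1
    if gpg --homedir "$tmp" --batch --quiet \
           --import "$repo/repodata/repomd.xml.key" 2>/dev/null
    then
        got=$(gpg --homedir "$tmp" --batch --with-colons --fingerprint |
              primary_fprs)
        if [ "$got" = "$want" ] &&
           gpg --homedir "$tmp" --batch --verify \
               "$repo/repodata/repomd.xml.asc" \
               "$repo/repodata/repomd.xml" 2>/dev/null
        then
            rc=0
        fi
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Run only when called as: script REPO_DIR "FINGERPRINT"
if [ "$#" -eq 2 ]; then
    verify_repo "$1" "$2" && echo "repository signature OK" || exit 1
fi
```

A key file that carries a second, unexpected primary key fails the comparison, because `primary_fprs` then returns more than one line.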