Justin Sherrill wrote:
> Jesus M. Rodriguez wrote:
>> On Tue, Nov 18, 2008 at 11:56 AM, Justin Sherrill <[EMAIL PROTECTED]> wrote:
>>
>>> The installing OS doesn't really make any difference. We store a mapping
>>> of GPG Key ids -> Providers in the rhnPackageKey table. Here's an
>>> example of an insertion that we do upon installation of spacewalk:
>>>
>>> #sqlplus spacewalk/[EMAIL PROTECTED]
>>>
>>> sqlplus> insert into rhnPackageKey (id, key_id, key_type_id,
>>> provider_id) values
>>> (rhn_pkey_id_seq.nextval, 'b44269d04f2a6fd2',
>>> lookup_package_key_type('gpg'), lookup_package_provider('Fedora'));
>>>
>>> This requires there being a package provider (from
>>> rhnPackageProvider) named 'Fedora'. To insert that, we ran:
>>>
>>> sqlplus> insert into rhnPackageProvider (id, name) values
>>> (rhn_package_provider_id_seq.nextval, 'Fedora' );
>>> sqlplus> commit;
>>>
>>>
>>> To get the gpg key ID that you need to insert, simply run 'rpm -qip
>>> package.rpm' and look for the "Key ID" field. I'd like to make a UI
>>> for adding package Ids and providers, but currently there isn't a way to
>>> do that. What were the GPG ids for packages that are showing up as unknown?
>>>
>> How will custom keys get imported into this table?
>>
>> jesus
>>
>> _______________________________________________
>> Spacewalk-list mailing list
>> [email protected]
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>>
> The key should be added to the DB when a package is imported with a new
> key. Currently there isn't a way to associate a provider to a key,
> which is why UI bits would be nice. Right now, a custom package would
> just show up with an 'unknown' provider.
>
> -Justin
>
Minimally, could we add a frontend API call to associate a
key/fingerprint with a provider? Even more ideally, this would be added
to the backend API and rhnpush with an additional argument. Something like:
    --sig=KEY            Push signed packages with this fingerprint
(that is, it would prevent accidentally pushing packages that are not
signed or signed with the wrong key)
and could be used in conjunction with:
    --provider=PROVIDER  Define provider for this key if not already defined
(that is, if it already has been defined once, using this flag would not
override this)
Seems like a decent stop-gap until we can either get a WebUI or API
solution.
Thanks.
Brandon
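
An added example, not part of the thread and not Spacewalk or rhnpush code: the check the proposed --sig option describes, applied to the text that 'rpm -qip package.rpm' prints. The function names and the sample package text are constructed; the key ID is the one from the insert statement quoted above; accepting a fingerprint assumes a v4 OpenPGP key, whose key ID is the last 16 hex digits of its fingerprint.

```python
import re

SIG_LINE = re.compile(r"^Signature\s*:\s*(.*)$", re.MULTILINE)
KEY_ID = re.compile(r"Key ID ([0-9a-fA-F]{16})\b")


def signing_key_id(rpm_info):
    """Return the 16-hex-digit key ID from `rpm -qip` text, or None if unsigned."""
    sig = SIG_LINE.search(rpm_info)
    if sig is None:
        return None
    key = KEY_ID.search(sig.group(1))  # an unsigned package shows "(none)"
    return key.group(1).lower() if key else None


def normalize_expected(key):
    """Accept a long key ID (16 hex) or a v4 fingerprint (40 hex); return the long ID."""
    hexed = re.sub(r"\s+", "", key).lower()
    if hexed.startswith("0x"):
        hexed = hexed[2:]
    # Short 8-digit IDs are rejected: they are too easy to collide.
    if not re.fullmatch(r"[0-9a-f]{16}|[0-9a-f]{40}", hexed):
        raise ValueError("expected a 16-digit key ID or a 40-digit fingerprint")
    return hexed[-16:]


def push_allowed(rpm_info, expected_key):
    """Return (allowed, reason) for one package, as --sig=KEY would decide."""
    want = normalize_expected(expected_key)
    got = signing_key_id(rpm_info)
    if got is None:
        return False, "package is not signed"
    if got != want:
        return False, "signed with %s, expected %s" % (got, want)
    return True, "signed with expected key %s" % want


# Constructed `rpm -qip` output; only the key ID comes from the thread.
SIGNED = """Name        : example-pkg
Version     : 1.0
Signature   : DSA/SHA1, Tue 11 Nov 2008 10:00:00 AM EST, Key ID b44269d04f2a6fd2
Summary     : Constructed sample package
"""
UNSIGNED = """Name        : example-pkg
Version     : 1.0
Signature   : (none)
Summary     : Constructed sample package
"""
```

The key ID shown by 'rpm -qip' is only what the signature header claims; run 'rpm -K package.rpm' with the public key imported to verify the signature itself before trusting the match.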