[packman] RPM problem with packet signatures (not zypper and repomd.xml!)

Marc Schiffbauer marc at links2linux.de
Wed Mar 30 23:55:50 CEST 2011


* Leon Freitag wrote on 23.03.11 at 19:20:
> > Hm maybe. But I am sorry I cannot check this due to the lack of a
> > 11.1 Installation, anyone else?
> I just remembered I had the same issue back in the days when every packager 
> used his own key to manually sign the packages. I had a 4096 bit key, and I 
> had to generate a new 1024 bit key to work around the problem. But this was 
> back in 2006, when 10.1 with the buggy package management was out, and the 
> error was slightly different, too. See here:
> 
> http://lists.links2linux.de/pipermail/packman/2006-April/002406.html
> 
> However the bug might have been unaddressed in rpm until the advent of rpm 
> 4.7.1; opensuse 11.1 has rpm 4.4.x
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=436812
> 
> > Maybe we can offer a backported rpm version from 11.2 for 11.1?
> 
> Hopefully it won't break anything. Additionally, users would have to either 
> install it off the repository or disable signature checks (since the package 
> would be signed with a bad key as well)

We might offer a single rpm package outside the repository that is
signed with a different key. After that everything would work normal
again.

> 
> Maybe signing the 11.1 packages with a separate 1024 bit signing key could be 
> an alternative, or is it too much of a hassle? 

Yep, that would be too complicated and IMO will add more confusion than it 
would solve.

-Marc
-- 
8AAC 5F46 83B4 DB70 8317  3723 296C 6CCA 35A6 4134