auto importing rpm gpg public keys from keyserver
Andrea Arcangeli
andrea at suse.de
Thu Jun 8 17:47:25 PDT 2006
Hello,
smart is my package manager of choice on top of sl10.1 using the apt-rpm
channels. It's overall working great.
I think it's fundamental to have rpm signatures checks enabled. I wish
this would be the default (sorry why is this disabled by default?),
but I quickly enabled it as first thing with:
smart config --set rpm-check-signatures=true
However I want to allow more than the SUSE gpg key, and I wonder if
there's a way to automate the importing of new signatures from the
pgp.mid.edu keyservers whenever they accour in new packages.
Currently when the upgrade command fails I go by hand like this:
gpg --keyserver pgp.mit.edu --recv-keys $keynumber
gpg -a --export $keynumber >/tmp/z
rpm --import /tmp/z
and then I restart. I would like this procedure to be automated, of
course asking me if I accept to import the new key in the rpm database
or not (so not really completely automated, but easy enough that I can
only see the package name, the name of the signer and click on "y" and
return and nothing else). This is almost as friendly as the
rpm-check-signatures=false mode, but it doesn't lose the full security
during the updates.
I actually wish something more complicated than the above for the
future, but this would be a good start.
Should I try to implement this myself or is somebody working on
something similar?
Thanks.
More information about the Smart
mailing list