Import new GPG keys in smart

classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

Import new GPG keys in smart

Bernhard Walle-2
Hello,

Everybody who uses the smart package manager may have been recognised
that the new GPG build keys are not on keyservers, so the installation
fails.

I wrote a script that fetches all GPG keys of all repositories that
are currently in the smart configuration and imports them into rpm:

    http://www.bwalle.de/programme/scripts/smart_fetch_keys_buildservice

I thought it may also be useful for other people ...


        Bernhard
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Adrian Schröter
On Wednesday 23 January 2008 22:30:29 wrote Bernhard Walle:

> Hello,
>
> Everybody who uses the smart package manager may have been recognised
> that the new GPG build keys are not on keyservers, so the installation
> fails.
>
> I wrote a script that fetches all GPG keys of all repositories that
> are currently in the smart configuration and imports them into rpm:
>
>     http://www.bwalle.de/programme/scripts/smart_fetch_keys_buildservice
>
> I thought it may also be useful for other people ...

I would like to add that there is no guarantee that the keys from the key
server are the correct ones, you need to check this on your own.

Downloading from

  http://download.opensuse.org/repostories/.../repodata/repodata.xml.key 

would be more secure, if you do not validate the key via the generic OBS key.

--

Adrian Schroeter
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
email: [hidden email]

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Bernhard Walle-2
* Adrian Schröter <[hidden email]> [2008-01-23 23:18]:

> On Wednesday 23 January 2008 22:30:29 wrote Bernhard Walle:
> > Hello,
> >
> > Everybody who uses the smart package manager may have been recognised
> > that the new GPG build keys are not on keyservers, so the installation
> > fails.
> >
> > I wrote a script that fetches all GPG keys of all repositories that
> > are currently in the smart configuration and imports them into rpm:
> >
> >     http://www.bwalle.de/programme/scripts/smart_fetch_keys_buildservice
> >
> > I thought it may also be useful for other people ...
>
> I would like to add that there is no guarantee that the keys from the key
> server are the correct ones, you need to check this on your own.
>
> Downloading from
>
>   http://download.opensuse.org/repostories/.../repodata/repodata.xml.key 

!?!?! What does the script?


        Bernhard
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Werner Flamme
Bernhard Walle   [24.01.2008 08:07]:
> * Adrian Schröter <[hidden email]> [2008-01-23 23:18]:
>> On Wednesday 23 January 2008 22:30:29 wrote Bernhard Walle:
>>> Hello,
>>>
>>> Everybody who uses the smart package manager may have been recognised
>>> that the new GPG build keys are not on keyservers, so the installation
>>> fails.

Correct :-( The attempt to install with YaST also fails when you do not
click OK for each and every single new key :-(

>>> I wrote a script that fetches all GPG keys of all repositories that
>>> are currently in the smart configuration and imports them into rpm:
>>>
>>>     http://www.bwalle.de/programme/scripts/smart_fetch_keys_buildservice
>>>
>>> I thought it may also be useful for other people ...
>> I would like to add that there is no guarantee that the keys from the key
>> server are the correct ones, you need to check this on your own.
>>
>> Downloading from
>>
>>   http://download.opensuse.org/repostories/.../repodata/repodata.xml.key 
>
> !?!?! What does the script?

Found repo http://software.opensuse.org/download/Base:/install/standard
Found repo http://software.opensuse.org/download/Base:/build/standard
Importing key 5D053B4F
Key 5D053B4F already there

And the other about 100 channels I defined in smart are not handled :-(
Yesterday, it took me about an hour to handle the keys in YaST's
sw_single module...

Regards,
Werner

--
Werner Flamme, Abt. WKDV
Helmholtz-Zentrum für Umweltforschung GmbH - UFZ
Permoserstr. 15 - 04318 Leipzig
Tel.: (0341) 235-1921 - Fax (0341) 235-451921
http://www.ufz.de - eMail: [hidden email]
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Werner Flamme
Werner Flamme   [24.01.2008 10:03]:

> Bernhard Walle   [24.01.2008 08:07]:
>> !?!?! What does the script?
>
> Found repo http://software.opensuse.org/download/Base:/install/standard
> Found repo http://software.opensuse.org/download/Base:/build/standard
> Importing key 5D053B4F
> Key 5D053B4F already there
>
> And the other about 100 channels I defined in smart are not handled :-(
> Yesterday, it took me about an hour to handle the keys in YaST's
> sw_single module...

Ah yes, I found it: only channels from opensuse.org are handled. My
channels mostly point to ftp5.gwdg.de or skynet.be, so I have to write
my first lines of python code now, I think ;-)

>
> Regards,
> Werner
>


--
Werner Flamme, Abt. WKDV
Helmholtz-Zentrum für Umweltforschung GmbH - UFZ
Permoserstr. 15 - 04318 Leipzig
Tel.: (0341) 235-1921 - Fax (0341) 235-451921
http://www.ufz.de - eMail: [hidden email]
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Adrian Schröter
In reply to this post by Werner Flamme
On Thursday 24 January 2008 10:03:33 wrote Werner Flamme:

> Bernhard Walle   [24.01.2008 08:07]:
> > * Adrian Schröter <[hidden email]> [2008-01-23 23:18]:
> >> On Wednesday 23 January 2008 22:30:29 wrote Bernhard Walle:
> >>> Hello,
> >>>
> >>> Everybody who uses the smart package manager may have been recognised
> >>> that the new GPG build keys are not on keyservers, so the installation
> >>> fails.
>
> Correct :-( The attempt to install with YaST also fails when you do not
> click OK for each and every single new key :-(

sure, when you  do not trust the repository, YaST protects you from installing
from it. That is a must have ...

> >>> I wrote a script that fetches all GPG keys of all repositories that
> >>> are currently in the smart configuration and imports them into rpm:
> >>>
> >>>    
> >>> http://www.bwalle.de/programme/scripts/smart_fetch_keys_buildservice
> >>>
> >>> I thought it may also be useful for other people ...
> >>
> >> I would like to add that there is no guarantee that the keys from the
> >> key server are the correct ones, you need to check this on your own.
> >>
> >> Downloading from
> >>
> >>   http://download.opensuse.org/repostories/.../repodata/repodata.xml.key
> >
> > !?!?! What does the script?
>
> Found repo http://software.opensuse.org/download/Base:/install/standard
> Found repo http://software.opensuse.org/download/Base:/build/standard
> Importing key 5D053B4F
> Key 5D053B4F already there
>
> And the other about 100 channels I defined in smart are not handled :-(
> Yesterday, it took me about an hour to handle the keys in YaST's
> sw_single module...

An hour ? You have indeed 100 OBS channels subscribed ?

I can hardly imagine a usecase for this ...

--

Adrian Schroeter
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
email: [hidden email]

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Werner Flamme
Adrian Schröter   [24.01.2008 10:19]:
>
> An hour ? You have indeed 100 OBS channels subscribed ?

Yes.

> I can hardly imagine a usecase for this ...
>

Curiousity :-) And x86_64. Somewhere in the deeps of the repos are
up-to-date versions of x86_64 packages that don't bring i586 as
dependencies. At least I hope so. BTW, obs - a noarch pack - introduced
a lot of ruby i586 packages to my system... ;-)

Regards,
Werner

--
Werner Flamme, Abt. WKDV
Helmholtz-Zentrum für Umweltforschung GmbH - UFZ
Permoserstr. 15 - 04318 Leipzig
Tel.: (0341) 235-1921 - Fax (0341) 235-451921
http://www.ufz.de - eMail: [hidden email]
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Marcus Rueckert-3
On 2008-01-24 10:28:26 +0100, Werner Flamme wrote:

> Adrian Schröter   [24.01.2008 10:19]:
> >
> > An hour ? You have indeed 100 OBS channels subscribed ?
>
> Yes.
>
> > I can hardly imagine a usecase for this ...
> >
>
> Curiousity :-) And x86_64. Somewhere in the deeps of the repos are
> up-to-date versions of x86_64 packages that don't bring i586 as
> dependencies. At least I hope so. BTW, obs - a noarch pack - introduced
> a lot of ruby i586 packages to my system... ;-)

that is just a stupid smart bug. it has nothing to do with the packages.
if smart sees a package where i586 is newer than x86_64 ... it blindly
installs that. yum has similar ideas sometimes but it can be tamed with
yum install|upgrade --exclude=\*i586\* <otherargs>

smart is not so smart sometimes.

    darix

--
           openSUSE - SUSE Linux is my linux
               openSUSE is good for you
                   www.opensuse.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Werner Flamme
Marcus Rueckert   [24.01.2008 12:49]:

> On 2008-01-24 10:28:26 +0100, Werner Flamme wrote:
>> Adrian Schröter   [24.01.2008 10:19]:
>>> An hour ? You have indeed 100 OBS channels subscribed ?
>> Yes.
>>
>>> I can hardly imagine a usecase for this ...
>>>
>> Curiousity :-) And x86_64. Somewhere in the deeps of the repos are
>> up-to-date versions of x86_64 packages that don't bring i586 as
>> dependencies. At least I hope so. BTW, obs - a noarch pack - introduced
>> a lot of ruby i586 packages to my system... ;-)
>
> that is just a stupid smart bug. it has nothing to do with the packages.
> if smart sees a package where i586 is newer than x86_64 ... it blindly
> installs that. yum has similar ideas sometimes but it can be tamed with
> yum install|upgrade --exclude=\*i586\* <otherargs>
>
> smart is not so smart sometimes.

That last is what I know :-) I read the smart mailing list... ;-)

I installed obs via YaST. The dependencies were not discovered by smart.

When I want to update package X, smart often tells me it is going to
install X in i586 as well as in x86_64. In the meantime, I'm used to
look at the packages smart wants to install before starting the run ;-)

I cannot exclude i586 completely due to Sun's Java policy. How to use a
 x86_64 Firefox with Java? Java 1.4 was the last Java that included the
browser plugins. Fedora includes icedtea, but I never get them running
on my machine, so I had to use i586 FF instead.

Why do I need Java in FF? I have to care for some Sun Servers, and the
remote access is managed via Java browser plugin... Konqueror and Opera
can't log in ("no cookie" alert, though it works on other websites), so
I'm bound to the gecko family. FF and SM need a plugin, whereas Konq
only needs the java executable. Bad luck for me.

Regards,
Werner

--
Werner Flamme, Abt. WKDV
Helmholtz-Zentrum für Umweltforschung GmbH - UFZ
Permoserstr. 15 - 04318 Leipzig
Tel.: (0341) 235-1921 - Fax (0341) 235-451921
http://www.ufz.de - eMail: [hidden email]
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Cristian Morales Vega
2008/1/24, Werner Flamme <[hidden email]>:

> Marcus Rueckert   [24.01.2008 12:49]:
> > On 2008-01-24 10:28:26 +0100, Werner Flamme wrote:
> >> Adrian Schröter   [24.01.2008 10:19]:
> >>> An hour ? You have indeed 100 OBS channels subscribed ?
> >> Yes.
> >>
> >>> I can hardly imagine a usecase for this ...
> >>>
> >> Curiousity :-) And x86_64. Somewhere in the deeps of the repos are
> >> up-to-date versions of x86_64 packages that don't bring i586 as
> >> dependencies. At least I hope so. BTW, obs - a noarch pack - introduced
> >> a lot of ruby i586 packages to my system... ;-)
> >
> > that is just a stupid smart bug. it has nothing to do with the packages.
> > if smart sees a package where i586 is newer than x86_64 ... it blindly
> > installs that. yum has similar ideas sometimes but it can be tamed with
> > yum install|upgrade --exclude=\*i586\* <otherargs>
> >
> > smart is not so smart sometimes.
>
> That last is what I know :-) I read the smart mailing list... ;-)
>
> I installed obs via YaST. The dependencies were not discovered by smart.
>
> When I want to update package X, smart often tells me it is going to
> install X in i586 as well as in x86_64. In the meantime, I'm used to
> look at the packages smart wants to install before starting the run ;-)

Since Smart 0.52 release Christoph Thiel and Pascal Bleser have
updated it with some interesting patches. I also remember the case
where Smart wanted to install both i586 and x86_64, but weren't this
fixed with this patch?
* jue dic 06 2007 [hidden email]
- readded smart-trunk.patch (r899)
  * improved x86_64 support: packages of color 2 (x86_64, etc) are
    considered of higher precedence when compared to packages of color 1.
N�����r��y隊Z)z{.���Wlz��qﮞ˛���m�)z{.��+�Z+i�b�*'jW(�f�vǦj)h���Ǜ�)]���Ǿ��i�������
Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Marcus Rueckert-3
On 2008-01-24 15:22:02 +0100, Christian Morales Vega wrote:
> Since Smart 0.52 release Christoph Thiel and Pascal Bleser have
> updated it with some interesting patches. I also remember the case
> where Smart wanted to install both i586 and x86_64, but weren't this
> fixed with this patch?
> * jue dic 06 2007 [hidden email]
> - readded smart-trunk.patch (r899)
>   * improved x86_64 support: packages of color 2 (x86_64, etc) are
>     considered of higher precedence when compared to packages of color 1.

and it failed on my testing again.

    darix

--
           openSUSE - SUSE Linux is my linux
               openSUSE is good for you
                   www.opensuse.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Bernhard Walle-2
* Marcus Rueckert <[hidden email]> [2008-01-24 15:33]:

> On 2008-01-24 15:22:02 +0100, Christian Morales Vega wrote:
> > Since Smart 0.52 release Christoph Thiel and Pascal Bleser have
> > updated it with some interesting patches. I also remember the case
> > where Smart wanted to install both i586 and x86_64, but weren't this
> > fixed with this patch?
> > * jue dic 06 2007 [hidden email]
> > - readded smart-trunk.patch (r899)
> >   * improved x86_64 support: packages of color 2 (x86_64, etc) are
> >     considered of higher precedence when compared to packages of color 1.
>
> and it failed on my testing again.

Very detailled information!


        Bernhard
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Marcus Rueckert-3
On 2008-01-24 15:51:15 +0100, Bernhard Walle wrote:

> * Marcus Rueckert <[hidden email]> [2008-01-24 15:33]:
> > On 2008-01-24 15:22:02 +0100, Christian Morales Vega wrote:
> > > Since Smart 0.52 release Christoph Thiel and Pascal Bleser have
> > > updated it with some interesting patches. I also remember the case
> > > where Smart wanted to install both i586 and x86_64, but weren't this
> > > fixed with this patch?
> > > * jue dic 06 2007 [hidden email]
> > > - readded smart-trunk.patch (r899)
> > >   * improved x86_64 support: packages of color 2 (x86_64, etc) are
> > >     considered of higher precedence when compared to packages of color 1.
> >
> > and it failed on my testing again.
>
> Very detailled information!

cthiel got all the debug informations from me already.

    darix

--
           openSUSE - SUSE Linux is my linux
               openSUSE is good for you
                   www.opensuse.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Christoph Thiel
On Thu, Jan 24, 2008 at 05:28:40PM +0100, Marcus Rueckert wrote:

> On 2008-01-24 15:51:15 +0100, Bernhard Walle wrote:
> > * Marcus Rueckert <[hidden email]> [2008-01-24 15:33]:
> > > On 2008-01-24 15:22:02 +0100, Christian Morales Vega wrote:
> > > > Since Smart 0.52 release Christoph Thiel and Pascal Bleser have
> > > > updated it with some interesting patches. I also remember the case
> > > > where Smart wanted to install both i586 and x86_64, but weren't this
> > > > fixed with this patch?
> > > > * jue dic 06 2007 [hidden email]
> > > > - readded smart-trunk.patch (r899)
> > > >   * improved x86_64 support: packages of color 2 (x86_64, etc) are
> > > >     considered of higher precedence when compared to packages of color 1.
> > >
> > > and it failed on my testing again.
> >
> > Very detailled information!
>
> cthiel got all the debug informations from me already.

I didn't :( Which bug #?


Best,
Christoph
--
Christoph Thiel, Tech. Project Management, Research & Development
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Marcus Rueckert-3
On 2008-01-24 18:11:41 +0100, Christoph Thiel wrote:
> On Thu, Jan 24, 2008 at 05:28:40PM +0100, Marcus Rueckert wrote:
> > cthiel got all the debug informations from me already.
>
> I didn't :( Which bug #?

you did. we discussed it on irc. no bugzilla so far

    darix

--
           openSUSE - SUSE Linux is my linux
               openSUSE is good for you
                   www.opensuse.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Import new GPG keys in smart

Werner Flamme
In reply to this post by Bernhard Walle-2
Bernhard Walle   [23.01.2008 22:30]:

> Hello,
>
> Everybody who uses the smart package manager may have been recognised
> that the new GPG build keys are not on keyservers, so the installation
> fails.
>
> I wrote a script that fetches all GPG keys of all repositories that
> are currently in the smart configuration and imports them into rpm:
>
>     http://www.bwalle.de/programme/scripts/smart_fetch_keys_buildservice
>
> I thought it may also be useful for other people ...
>
>
>         Bernhard

Hi Bernhard,

this script does not run on my repositories, one of them may be bad ;-)

[...lots of "Found repo" lines cut off...]
Found repo
http://software.opensuse.org/download/home:/steve-beattie/openSUSE-10.3
Found repo http://software.opensuse.org/download/Banshee/openSUSE_10.3/
Traceback (most recent call last):
  File "./smart_fetch_keys_buildservice", line 89, in <module>
    main()
  File "./smart_fetch_keys_buildservice", line 85, in main
    keyurls = get_key_urls(urls)
  File "./smart_fetch_keys_buildservice", line 43, in get_key_urls
    f = urllib2.urlopen(url)
  File "/usr/lib64/python2.5/urllib2.py", line 121, in urlopen
    return _opener.open(url, data)
  File "/usr/lib64/python2.5/urllib2.py", line 380, in open
    response = meth(req, response)
  File "/usr/lib64/python2.5/urllib2.py", line 491, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib64/python2.5/urllib2.py", line 412, in error
    result = self._call_chain(*args)
  File "/usr/lib64/python2.5/urllib2.py", line 353, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.5/urllib2.py", line 575, in http_error_302
    return self.parent.open(new)
  File "/usr/lib64/python2.5/urllib2.py", line 380, in open
    response = meth(req, response)
  File "/usr/lib64/python2.5/urllib2.py", line 491, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib64/python2.5/urllib2.py", line 418, in error
    return self._call_chain(*args)
  File "/usr/lib64/python2.5/urllib2.py", line 353, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.5/urllib2.py", line 499, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 404: Not Found

So s.th. was not found, but I don't know what :-(

Since I did not manage to find a way catching this error (I am no python
programmer), I wrote a shell script following your ideas - with a little
difference in processing, "sequentially" instead of "en gros" ;-). You
can find my version on
<http://www.wernerflamme.name/doku.php?id=users:werner:getrepokeys_en>.

Regards,
Werner

--
Werner Flamme, Abt. WKDV
Helmholtz-Zentrum für Umweltforschung GmbH - UFZ
Permoserstr. 15 - 04318 Leipzig
Tel.: (0341) 235-1921 - Fax (0341) 235-451921
http://www.ufz.de - eMail: [hidden email]
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]