add rpm package signature import functionality

Bug #245643 reported by Rehan Khan
2
Affects Status Importance Assigned to Milestone
Smart Package Manager
New
Wishlist
Gustavo Niemeyer

Bug Description

Imported: http://tracker.labix.org/issue97

Reason: Review patch. Is this in and working already?

further details: https://blueprints.launchpad.net/smart/+spec/bug-reporting-migration

msg625 (view) Author: cthiel Date: 2006-08-15.17:25:20

This has been implemented and ist just waiting to be commited into trunk ;)

http://lists.labix.org/pipermail/smart-labix.org/2006-August/001330.html

msg374 (view) Author: rbos Date: 2006-02-14.22:09:00

> I'm not the best person to judge that, but shouldn't that be handled by rpm
> directly? Why add a new command into Smart if you can "rpm --import PUBKEY"?

It's the other way around. Users will be using smart and not rpm. So the
question is why bother users with another command being rpm. Besides that
where are the PUBKEY located? When they are provided by an rpm they are part
of the overall package repository. As such the user will know that by adding
the component/channel 'rpmkey' (on by default) he will be able to obtain
the correct rpmkey. I can't judge how often it is used, but on the suse
email list people refer to this regurarely.

> Anyway, if the sig exists on an rpm file on the repository, you would just
> "smart install rpm-sig-repo.rpm", por example.

That will install the rpm indeed. But it won't install the signature!!!
Please, add this functionality to smart a it so convenient once
used to it (with apt).

msg364 (view) Author: netmask Date: 2006-02-12.18:24:27

I'm not the best person to judge that, but shouldn't that be handled by rpm
directly? Why add a new command into Smart if you can "rpm --import PUBKEY"?

Anyway, if the sig exists on an rpm file on the repository, you would just
"smart install rpm-sig-repo.rpm", por example.

msg263 (view) Author: rbos Date: 2006-01-22.20:47:38

Add the possibility to import gpg package keys using rpms.

On suse it is possible with apt to import package signatures with
the following command 'apt --no-checksig --no-postscript rpmkey-<buildername>'
This command will (of course) obtain the rpm package that provides the
corresponding gpg key. This package is than installed and the
gpg key is loaded into rpm signature database. Very convenient for the user!
It would be great if smart would provide the same functionality.

Attached is an apt script that does the gpg key import trick. On the
link below is explained how the rpmkey package is created:
http://linux01.gwdg.de/apt4rpm/signing.html#rpmkey

Revision history for this message
Rehan Khan (rasker) wrote :
Rehan Khan (rasker)
Changed in smart:
assignee: nobody → niemeyer
importance: Undecided → Wishlist
tags: added: opensuse
Changed in smart:
milestone: none → 1.4
Changed in smart:
milestone: 1.4 → none
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.