add apt rpm package gpg signature checking

Bug #245647 reported by Rehan Khan
Affects: Smart Package Manager
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Imported: http://tracker.labix.org/issue96

Reason:

further details: https://blueprints.launchpad.net/smart/+spec/bug-reporting-migration

msg626 Author: cthiel Date: 2006-08-15.17:25:59

This has been implemented and is just waiting to be committed into trunk ;)

http://lists.labix.org/pipermail/smart-labix.org/2006-August/001330.html

It's part of the current SUSE smart packages already.

msg375 Author: rbos Date: 2006-02-14.22:20:35

No it does not. I created an rpm without signature, so the check should fail,
but it does not fail:

# smart -o rpm-check-signatures=true install /home/richard/packages/1000/gramps/RPMS/i586/gramps-2.0.9-0.suse1000.rb3.i586.rpm
Loading cache...
Updating cache... ######################################## [100%]

Computing transaction...

Upgrading packages (1):
  gramps-2.0.9-0.suse1000.rb3@i586

3.3MB of package files are needed.

Confirm changes? (Y/n):

Committing transaction...
Preparing... ######################################## [ 0%]
   1:Installing gramps ######################################## [ 50%]

The correct behaviour should be:
# apt install /home/richard/packages/1000/gramps/RPMS/i586/gramps-2.0.9-0.suse1000.rb3.i586.rpm
Reading Package Lists... Done
Building Dependency Tree... Done
Selecting gramps for '/home/richard/packages/1000/gramps/RPMS/i586/gramps-2.0.9-0.suse1000.rb3.i586.rpm'
The following NEW packages will be installed:
  gramps
0 upgraded, 1 newly installed, 0 removed and 7 not upgraded.
Need to get 0B/3396kB of archives.
After unpacking 11.5MB of additional disk space will be used.
Checking GPG signatures...
Unsigned /home/richard/packages/1000/gramps/RPMS/i586/gramps-2.0.9-0.suse1000.rb3.i586.rpm: sha1 md5 OK
E: Error(s) while checking package signatures:
1 unsigned package(s)
0 package(s) with unknown signatures
0 package(s) with illegal/corrupted signatures
E: Handler silently failed
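
The unsigned case in the report above, as an added example that is not part of the original thread or of Smart's code: the apt output shows an unsigned package whose result line still ends in "sha1 md5 OK", so a gate has to require a signature token and not just a trailing OK. The function names, the `/tmp/example-*.rpm` paths and the sample lines are constructed; the token lists assume the classic `rpm --checksig` result format seen above plus the newer "digests signatures OK" form.

```shell
#!/bin/sh
# Added example. Sample lines below are constructed, not captured output.

# classify_checksig LINE -> prints: signed | unsigned | bad
classify_checksig() {
    result=${1#*: }              # drop the leading "path: "
    case $result in
        *"NOT OK"*) echo bad; return 0 ;;   # failed check or missing key
        *OK) ;;                             # every listed check passed
        *) echo bad; return 0 ;;            # unparseable: fail closed
    esac
    # Digest-only results ("sha1 md5 OK", "digests OK") prove the file is
    # intact, not who built it. Require a signature token as well.
    for tok in $result; do
        case $tok in
            gpg|pgp|dsa|rsa|signatures) echo signed; return 0 ;;
        esac
    done
    echo unsigned
}

# gate: read checksig lines on stdin; non-zero unless every one is signed.
gate() {
    rc=0
    while IFS= read -r line; do
        verdict=$(classify_checksig "$line")
        if [ "$verdict" != signed ]; then
            echo "refusing ${line%%:*}: $verdict" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed input: one unsigned package, one signed package.
printf '%s\n' \
    '/tmp/example-unsigned.rpm: sha1 md5 OK' \
    '/tmp/example-signed.rpm: (sha1) dsa sha1 md5 gpg OK' |
    gate || echo "transaction aborted: unsigned or unverifiable package" >&2
```

In real use the lines fed to `gate` would come from `rpm --checksig` run on the package files before the transaction is committed.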

msg363 Author: netmask Date: 2006-02-12.18:15:17

I'm not sure if it does exactly what you want it to do, but there is currently
an option that you can try:

smart -o rpm-check-signatures=true install <pkg>

Could you check it?

msg262 Author: rbos Date: 2006-01-22.20:39:46

Add rpm package gpg signature checking. Attached is a script that does
the same thing for apt. It would be nice to be able to configure signature
checking in a config file with e.g. yes or no.
It would be nice to be able to enable (--checksig) or disable (--no-checksig)
on the command line.

Attached is an apt script that does the same thing.

Tags: signature
Rehan Khan (rasker)
Changed in smart:
importance: Undecided → Wishlist
Changed in smart:
milestone: none → 1.2
Changed in smart:
status: New → Fix Committed
Changed in smart:
status: Fix Committed → Fix Released