Open amotl opened 5 months ago
@matriv suggested:
Isn't there a way for Suse to skip this verification, and only verify the package itself? The signing of the repo data is optional (at least for Centos and Redhat).
There is a corresponding setting, right. It is called repo_gpgcheck=0
, or, alternatively, use the zypper parameter --gpgcheck-allow-unsigned-repo
.
When adding repo_gpgcheck=0
to /etc/zypp/repos.d/cratedb.repo
, there is an error:
Signature verification failed [4-Signatures public key is not available]
Public key must be imported upfront.
rpm --import https://cdn.crate.io/downloads/yum/RPM-GPG-KEY-crate
zypper parameter --gpg-auto-import-keys
did not work.
zypper --plus-content=cratedb-ce-stable install -y crate
Temporarily enabling repository 'CrateDB RPM package repository - x86_64 - Stable'. [--plus-content]
Retrieving repository 'CrateDB RPM package repository - x86_64 - Stable' metadata ........................................................................................................[done]
Building repository 'CrateDB RPM package repository - x86_64 - Stable' cache .............................................................................................................[done]
Loading repository data...
Reading installed packages...
Resolving package dependencies...
The following NEW package is going to be installed:
crate
1 new package to install.
Overall download size: 127.0 MiB. Already cached: 0 B. After the operation, additional 235.1 MiB will be used.
Backend: classic_rpmtrans
Continue? [y/n/v/...? shows all options] (y): y
Retrieving: crate-5.7.0-1.x86_64 (CrateDB RPM package repository - x86_64 - Stable) (1/1), 127.0 MiB
Retrieving: crate-5.7.0-1.x86_64.rpm .........................................................................................................................................[done (6.0 MiB/s)]
crate-5.7.0-1.x86_64.rpm:
Header V4 RSA/SHA256 Signature, key ID 7faae51a06f6eaeb: NOKEY
V4 RSA/SHA256 Signature, key ID 7faae51a06f6eaeb: NOKEY
warning: /var/tmp/AP_0xML3p6q/crate-5.7.0-1.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 06f6eaeb: NOKEY
Looking for gpg key ID 06F6EAEB in cache /var/cache/zypp/pubkeys.
Looking for gpg key ID 06F6EAEB in repository CrateDB RPM package repository - x86_64 - Stable.
gpgkey=https://cdn.crate.io/downloads/yum/RPM-GPG-KEY-crate
Retrieving: RPM-GPG-KEY-crate ...........................................................................................................................................................[error]
crate-5.7.0-1.x86_64 (CrateDB RPM package repository - x86_64 - Stable): Signature verification failed [4-Signatures public key is not available]
Abort, retry, ignore? [a/r/i] (a): a
Problem occurred during or after installation or removal of packages:
Installation has been aborted as directed.
Please see the above error message for a hint.
CrateDB on SUSE in a nutshell.
Use that config in /etc/zypp/repos.d/cratedb.repo
.
[cratedb-ce-stable]
name=CrateDB RPM package repository - $basearch - Stable
baseurl=https://cdn.crate.io/downloads/yum/7/$basearch
enabled=0
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://cdn.crate.io/downloads/yum/RPM-GPG-KEY-crate
autorefresh=1
type=rpm-md
[cratedb-ce-testing]
name=CrateDB RPM package repository - $basearch - Testing
baseurl=https://cdn.crate.io/downloads/yum/testing/7/$basearch
enabled=0
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://cdn.crate.io/downloads/yum/RPM-GPG-KEY-crate
autorefresh=1
type=rpm-md
Use that command to import the public GPG key, in order to make signature validation work.
rpm --import https://cdn.crate.io/downloads/yum/RPM-GPG-KEY-crate
Finally, use those commands to install and start CrateDB.
zypper --plus-content=cratedb-ce-stable install -y crate
systemctl start crate
Thx a lot @amotl, see: https://github.com/crate/distribute/pull/680
Excellent. Thanks for adding software tests!
Hi again. Coming from GH-71, we wanted to report that installation on SUSE and derivates fails with an error about signing.
Problem