[OE-core] [PATCH 1/2] lib/oe/package_manager.py (rpm): Signature check is enabled by default

Otavio Salvador otavio.salvador at ossystems.com.br
Mon Oct 2 14:19:14 UTC 2017

On Mon, Oct 2, 2017 at 10:56 AM, Alexander Kanavin
<alexander.kanavin at linux.intel.com> wrote:
> On 10/02/2017 04:09 PM, Otavio Salvador wrote:
>> I assure you I did test both patches. I leave as an exercise to you to
>> show me what it breaks.
>> Also, keeping "exercises" for contributors is not something which
>> helps to gather more contributions. It solved the dnf install
>> requirement for my test and seems to be the right thing to do. I may
>> be missing something but please point it out or give me a case test.
> The first patch is removing the addition of 'repo_gpgcheck=1' option to dnf
> config file when repo feed signing/verification is enabled. Dnf does not
> enable that feature by default, and so the option must be present in dnf
> config file when repo feed signature verification is in use.
> The second patch adds 'gpgcheck=0' when repo feed signing is disabled, which
> will also disable package verification at runtime, ignoring the altogether
> different build setting controlling that. As I've already explained to you,
> package signing and feed signing are two different things, with their own
> sets of options.
> Test case 1:
> - enable feed signing, check that resulting dnf.conf file has feed
> verification (repo_gpgcheck option) enabled
> Test case 2:
> - enable package signing, disable package feed signing, check that the
> resulting dnf.conf file has package verification enabled.
> Both test cases will fail with your patches.

I sent a v2 making it clear it disabled package signature check. It
works for my test case. I dropped the repo_gpgcheck removal patch.

Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750
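
The two test cases from the quoted review, written as a check over the text of a generated dnf.conf. This is an added example, not code from the patch or from OE-core: the `package_signing` and `feed_signing` parameters and the sample configs are constructed, and a missing option is treated as disabled (the thread states that for repo_gpgcheck; for gpgcheck it is an assumption of this example).

```python
import configparser

TRUE_VALUES = {"1", "true", "yes", "on"}


def option_enabled(conf_text, option):
    """True only if [main] sets `option` to a true value; missing counts as off."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    value = parser.get("main", option, fallback=None)
    return value is not None and value.strip().lower() in TRUE_VALUES


def check_dnf_conf(conf_text, package_signing, feed_signing):
    """Compare a dnf.conf against the two independent build settings.

    package_signing and feed_signing are hypothetical booleans standing in
    for the build's package-signing and feed-signing settings.
    Returns a list of mismatches; an empty list means the config is consistent.
    """
    problems = []
    # Test case 1: feed signing requires repo metadata verification.
    if feed_signing and not option_enabled(conf_text, "repo_gpgcheck"):
        problems.append("feed signing is on but repo_gpgcheck is not enabled")
    # Test case 2: package signing requires package verification,
    # whether or not the feed itself is signed.
    if package_signing and not option_enabled(conf_text, "gpgcheck"):
        problems.append("package signing is on but gpgcheck is not enabled")
    return problems


# Constructed dnf.conf samples (not output of a real build).
FEED_CHECK_PRESENT = "[main]\nrepo_gpgcheck=1\n"
FEED_CHECK_DROPPED = "[main]\n"
PKG_CHECK_DISABLED = "[main]\ngpgcheck=0\n"
PKG_CHECK_PRESENT = "[main]\ngpgcheck=1\n"

if __name__ == "__main__":
    cases = [
        ("case 1, option present", FEED_CHECK_PRESENT, False, True),
        ("case 1, option dropped", FEED_CHECK_DROPPED, False, True),
        ("case 2, gpgcheck=0", PKG_CHECK_DISABLED, True, False),
        ("case 2, gpgcheck=1", PKG_CHECK_PRESENT, True, False),
    ]
    for name, text, pkg, feed in cases:
        print(name, "->", check_dnf_conf(text, pkg, feed) or "consistent")
```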
