users:werner:getrepokeys_en
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Beide Seiten der vorigen RevisionVorhergehende Überarbeitung | |||
users:werner:getrepokeys_en [2008-04-18 0727] – werner | users:werner:getrepokeys_en [2008-04-18 0734] (aktuell) – typo werner | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
+ | ====== Importing of GPG-Keys ====== | ||
+ | ===== Why? ===== | ||
+ | |||
+ | |||
+ | On 2008-01-23 openSUSE-Project decided to use separate keys for each project instead of one common key that was used until then. The respective key is delivered with the first update of a project, so that every user must import the keys by and by. Depending on the number of keys, this may be a tedious work ;-) | ||
+ | |||
+ | Bernhard Walle, member of openSUSE project team, has written an import script (in Python), that is available via | ||
+ | [[http:// | ||
+ | |||
+ | First all repositories are collected, then the respective keys are searched, and in a third step the keys are imported. I had the problem that one repo had no key, so the script hit the wall. Since I did not succeed in modifying Bernhard' | ||
+ | |||
+ | ===== The script ===== | ||
+ | |||
+ | <code bash> | ||
+ | #!/bin/bash | ||
+ | |||
+ | TEMPREPO="/ | ||
+ | TEMPKEY="/ | ||
+ | |||
+ | # the base URL we search on | ||
+ | # new: use more than one base URL for your repositories: | ||
+ | URLLIST=" | ||
+ | URLLIST=" | ||
+ | |||
+ | for SOS_URL in $URLLIST; do | ||
+ | SOS_LEN=$(expr length " | ||
+ | # only URLs containing $SOS_URL please: | ||
+ | URLLIST=$(smart channel --show | grep ^baseurl | cut -d' ' -f 3 | grep " | ||
+ | |||
+ | for URL in $URLLIST; do | ||
+ | # make sure we have a trailing slash | ||
+ | echo " | ||
+ | |||
+ | # inside the directory should be a .repo file | ||
+ | # so we try to find its name | ||
+ | # substring handling is somewhat #+@%$&# in bash... | ||
+ | URLAST=${URL#" | ||
+ | URLAST=$(echo " | ||
+ | |||
+ | # ...finally... | ||
+ | rm -f " | ||
+ | wget -q " | ||
+ | # REPO file exists and is not zero sized? | ||
+ | if [ ! -f " | ||
+ | echo "Error getting REPO file for $URLAST from $URL" | ||
+ | continue | ||
+ | fi | ||
+ | |||
+ | # now we read the URL of the keyfile from the repo file | ||
+ | KEYURL=$(grep ^gpgkey " | ||
+ | if [ -z " | ||
+ | echo "No key for $URLAST detected" | ||
+ | continue | ||
+ | fi | ||
+ | |||
+ | # download it... | ||
+ | rm -f " | ||
+ | wget -q " | ||
+ | if [ ! -f " | ||
+ | echo "Error getting keyfile $KEYURL for $URLAST" | ||
+ | continue | ||
+ | fi | ||
+ | |||
+ | # identify it, maybe it is already there | ||
+ | KEYID=$(gpg " | ||
+ | INSTALLEDKEYS=$(LANG=C rpm -q " | ||
+ | DOINSTALL=0 | ||
+ | echo $INSTALLEDKEYS | grep 'is not installed' | ||
+ | |||
+ | # so, at the very end, import it - or not :-) | ||
+ | if [ $DOINSTALL -eq 1 ]; then | ||
+ | echo " | ||
+ | rpm --import " | ||
+ | # if you use apt in parallel, you will love the next line ;-) | ||
+ | gpg --import " | ||
+ | else | ||
+ | echo "Key $KEYID for $URLAST already imported" | ||
+ | fi | ||
+ | done | ||
+ | done | ||
+ | </ | ||
+ | |||
+ | ===== Remarks ===== | ||
+ | |||
+ | The script asks smart for all repositories (whether they are diabled or not), then checks them for opensuse.org (one may change the SOS_URL to http:// | ||
+ | |||
+ | <code bash> | ||
+ | # smart channel --show | grep ^baseurl | grep download.opensuse.org/ | ||
+ | 392 | ||
+ | </ | ||
+ | |||
+ | It works for me with 392 repositories :-) | ||
+ | |||
+ | This page is available [[users: |
users/werner/getrepokeys_en.txt · Zuletzt geändert: 2008-04-18 0734 von werner