users:werner:getrepokeys_en
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
| Beide Seiten der vorigen RevisionVorhergehende Überarbeitung | |||
| users:werner:getrepokeys_en [2008-04-18 0727] – werner | users:werner:getrepokeys_en [2008-04-18 0734] (aktuell) – typo werner | ||
|---|---|---|---|
| Zeile 1: | Zeile 1: | ||
| + | ====== Importing of GPG-Keys ====== | ||
| + | ===== Why? ===== | ||
| + | |||
| + | |||
| + | On 2008-01-23 openSUSE-Project decided to use separate keys for each project instead of one common key that was used until then. The respective key is delivered with the first update of a project, so that every user must import the keys by and by. Depending on the number of keys, this may be a tedious work ;-) | ||
| + | |||
| + | Bernhard Walle, member of openSUSE project team, has written an import script (in Python), that is available via | ||
| + | [[http:// | ||
| + | |||
| + | First all repositories are collected, then the respective keys are searched, and in a third step the keys are imported. I had the problem that one repo had no key, so the script hit the wall. Since I did not succeed in modifying Bernhard' | ||
| + | |||
| + | ===== The script ===== | ||
| + | |||
| + | <code bash> | ||
| + | #!/bin/bash | ||
| + | |||
| + | TEMPREPO="/ | ||
| + | TEMPKEY="/ | ||
| + | |||
| + | # the base URL we search on | ||
| + | # new: use more than one base URL for your repositories: | ||
| + | URLLIST=" | ||
| + | URLLIST=" | ||
| + | |||
| + | for SOS_URL in $URLLIST; do | ||
| + | SOS_LEN=$(expr length " | ||
| + | # only URLs containing $SOS_URL please: | ||
| + | URLLIST=$(smart channel --show | grep ^baseurl | cut -d' ' -f 3 | grep " | ||
| + | |||
| + | for URL in $URLLIST; do | ||
| + | # make sure we have a trailing slash | ||
| + | echo " | ||
| + | |||
| + | # inside the directory should be a .repo file | ||
| + | # so we try to find its name | ||
| + | # substring handling is somewhat #+@%$&# in bash... | ||
| + | URLAST=${URL#" | ||
| + | URLAST=$(echo " | ||
| + | |||
| + | # ...finally... | ||
| + | rm -f " | ||
| + | wget -q " | ||
| + | # REPO file exists and is not zero sized? | ||
| + | if [ ! -f " | ||
| + | echo "Error getting REPO file for $URLAST from $URL" | ||
| + | continue | ||
| + | fi | ||
| + | |||
| + | # now we read the URL of the keyfile from the repo file | ||
| + | KEYURL=$(grep ^gpgkey " | ||
| + | if [ -z " | ||
| + | echo "No key for $URLAST detected" | ||
| + | continue | ||
| + | fi | ||
| + | |||
| + | # download it... | ||
| + | rm -f " | ||
| + | wget -q " | ||
| + | if [ ! -f " | ||
| + | echo "Error getting keyfile $KEYURL for $URLAST" | ||
| + | continue | ||
| + | fi | ||
| + | |||
| + | # identify it, maybe it is already there | ||
| + | KEYID=$(gpg " | ||
| + | INSTALLEDKEYS=$(LANG=C rpm -q " | ||
| + | DOINSTALL=0 | ||
| + | echo $INSTALLEDKEYS | grep 'is not installed' | ||
| + | |||
| + | # so, at the very end, import it - or not :-) | ||
| + | if [ $DOINSTALL -eq 1 ]; then | ||
| + | echo " | ||
| + | rpm --import " | ||
| + | # if you use apt in parallel, you will love the next line ;-) | ||
| + | gpg --import " | ||
| + | else | ||
| + | echo "Key $KEYID for $URLAST already imported" | ||
| + | fi | ||
| + | done | ||
| + | done | ||
| + | </ | ||
| + | |||
| + | ===== Remarks ===== | ||
| + | |||
| + | The script asks smart for all repositories (whether they are diabled or not), then checks them for opensuse.org (one may change the SOS_URL to http:// | ||
| + | |||
| + | <code bash> | ||
| + | # smart channel --show | grep ^baseurl | grep download.opensuse.org/ | ||
| + | 392 | ||
| + | </ | ||
| + | |||
| + | It works for me with 392 repositories :-) | ||
| + | |||
| + | This page is available [[users: | ||
users/werner/getrepokeys_en.txt · Zuletzt geändert: 2008-04-18 0734 von werner