Benutzer-Werkzeuge

Webseiten-Werkzeuge


users:werner:getrepokeys_en

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
users:werner:getrepokeys_en [2008-04-18 0727]
werner
users:werner:getrepokeys_en [2008-04-18 0734] (aktuell)
werner typo
Zeile 1: Zeile 1:
 +====== Importing of GPG-Keys ======
  
 +===== Why? =====
 +
 +
 +On 2008-01-23 openSUSE-Project decided to use separate keys for each project instead of one common key that was used until then. The respective key is delivered with the first update of a project, so that every user must import the keys by and by. Depending on the number of keys, this may be a tedious work ;-)
 +
 +Bernhard Walle, member of openSUSE project team, has written an import script (in Python), that is available via
 +[[http://www.bwalle.de/programme/scripts/smart_fetch_keys_buildservice]]. This script searches the repositories you have defined in smart, and if they are on opensuse.org, the respective key is fetched.
 +
 +First all repositories are collected, then the respective keys are searched, and in a third step the keys are imported. I had the problem that one repo had no key, so the script hit the wall. Since I did not succeed in modifying Bernhard's script, I wrote a shellscript to do this task:
 +
 +===== The script =====
 +
 +<code bash>
 +#!/bin/bash
 +
 +TEMPREPO="/tmp/search.repo"
 +TEMPKEY="/tmp/keyfile"
 +
 +# the base URL we search on
 +# new: use more than one base URL for your repositories:
 +URLLIST="http://download.opensuse.org/repositories/ ftp://ftp5.gwdg.de/pub/opensuse/repositories/"
 +URLLIST="$URLLIST http://software.opensuse.org/download/"
 +
 +for SOS_URL in $URLLIST; do
 +  SOS_LEN=$(expr length "$SOS_URL")
 +  # only URLs containing $SOS_URL please:
 +  URLLIST=$(smart channel --show | grep ^baseurl | cut -d' ' -f 3 | grep "$SOS_URL" | sort)
 +
 +  for URL in $URLLIST; do
 +    # make sure we have a trailing slash
 +    echo "$URL" | grep \/$ >/dev/null 2>&1 || URL="$URL/"
 +
 +    # inside the directory should be a .repo file
 +    # so we try to find its name
 +    # substring handling is somewhat #+@%$&# in bash...
 +    URLAST=${URL#"$SOS_URL"}
 +    URLAST=$(echo "$URLAST" | rev | cut -d'/' -f 3- | rev | tr -d '/')
 +
 +    # ...finally...
 +    rm -f "$TEMPREPO"
 +    wget -q "${URL}${URLAST}.repo" -O "$TEMPREPO" 2>&1 >/dev/null
 +    # REPO file exists and is not zero sized?
 +    if [ ! -f "$TEMPREPO" -o ! -s "$TEMPREPO" ]; then
 +      echo "Error getting REPO file for $URLAST from $URL"
 +      continue
 +    fi
 +
 +    # now we read the URL of the keyfile from the repo file
 +    KEYURL=$(grep ^gpgkey "$TEMPREPO" | cut -d'=' -f 2)
 +    if [ -z "$KEYURL" ]; then
 +      echo "No key for $URLAST detected"
 +      continue
 +    fi
 +
 +    # download it...
 +    rm -f "$TEMPKEY"
 +    wget -q "$KEYURL" -O "$TEMPKEY" 2>&1 >/dev/null
 +    if [ ! -f "$TEMPKEY" ]; then
 +      echo "Error getting keyfile $KEYURL for $URLAST"
 +      continue
 +    fi
 +
 +    # identify it, maybe it is already there
 +    KEYID=$(gpg "$TEMPKEY" | cut -d'/' -f 2 | cut -d' ' -f 1 | tr 'A-Z' 'a-z')
 +    INSTALLEDKEYS=$(LANG=C rpm -q "gpg-pubkey-$KEYID" 2>/dev/null)
 +    DOINSTALL=0
 +    echo $INSTALLEDKEYS | grep 'is not installed' >/dev/null 2>&1 && DOINSTALL=1
 +
 +    # so, at the very end, import it - or not :-)
 +    if [ $DOINSTALL -eq 1 ]; then
 +      echo "Importing key $KEYID for $URLAST"
 +      rpm --import "$TEMPKEY"
 +      # if you use apt in parallel, you will love the next line ;-)
 +      gpg --import "$TEMPKEY"
 +    else
 +      echo "Key $KEYID for $URLAST already imported"
 +    fi
 +  done
 +done
 +</code>
 +
 +===== Remarks =====
 +
 +The script asks smart for all repositories (whether they are diabled or not), then checks them for opensuse.org (one may change the SOS_URL to http://software.opensuse.org/repositories/, or to ftp://ftp5.gwdg.de/pub/opensuse/repositories/, it will also work). Other than Bernhard's script, I check the URLs sequentially for a key and import it (if it is not already there); I do not import them all together. But of course, all the tricks are shamelessly stolen from his script ;-)
 +
 +<code bash>
 +# smart channel --show | grep ^baseurl | grep download.opensuse.org/repositories | wc -l
 +392
 +</code>
 +
 +It works for me with 392 repositories :-)
 +
 +This page is available [[users:werner:getrepokeys|in deutsch]] also.
users/werner/getrepokeys_en.txt · Zuletzt geändert: 2008-04-18 0734 von werner