我有两个几乎完全相同的openSuSE 12.3虚拟机,snip
和snap
。
今天在更新它们时,一个要求确认一个新的repository or package signing key
,而另一个则没有。
我要确保自己没有做错任何事情(以防万一其中一种受到损害),特别是由于系统不要求输入密钥表明所有存储库都是最新的。
因此:
系统要求信任密钥:
snap:/home/jeroenp # zypper repos -d
# | Alias | Name | Enabled | Refresh | Priority | Type | URI | Service
---+---------------------------+------------------------------------+---------+---------+----------+--------+-------------------------------------------------------------------------------------------------+--------
1 | Security_-_openSUSE_12.3 | Security - openSUSE 12.3 | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/repositories/security/openSUSE_12.3/ |
2 | openSUSE-12.3-1.6 | openSUSE-12.3-1.6 | Yes | No | 99 | yast2 | cd:///?devices=/dev/disk/by-id/ata-VMware_Virtual_IDE_CDROM_Drive_10000000000000000001,/dev/sr0 |
3 | repo-debug | openSUSE-12.3-Debug | No | Yes | 99 | NONE | http://download.opensuse.org/debug/distribution/12.3/repo/oss/ |
4 | repo-debug-update | openSUSE-12.3-Update-Debug | No | Yes | 99 | NONE | http://download.opensuse.org/debug/update/12.3/ |
5 | repo-debug-update-non-oss | openSUSE-12.3-Update-Debug-Non-Oss | No | Yes | 99 | NONE | http://download.opensuse.org/debug/update/12.3-non-oss/ |
6 | repo-non-oss | openSUSE-12.3-Non-Oss | Yes | Yes | 99 | yast2 | http://download.opensuse.org/distribution/12.3/repo/non-oss/ |
7 | repo-oss | openSUSE-12.3-Oss | Yes | Yes | 99 | yast2 | http://download.opensuse.org/distribution/12.3/repo/oss/ |
8 | repo-source | openSUSE-12.3-Source | No | Yes | 99 | NONE | http://download.opensuse.org/source/distribution/12.3/repo/oss/ |
9 | repo-update | openSUSE-12.3-Update | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/12.3/ |
10 | repo-update-non-oss | openSUSE-12.3-Update-Non-Oss | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/12.3-non-oss/ |
snap:/home/jeroenp # zypper update
Retrieving repository 'Security - openSUSE 12.3' metadata ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------[\]
New repository or package signing key received:
Key ID: 69D1B2AAEE3D166A
Key Name: security OBS Project <[email protected]>
Key Fingerprint: AAF3EB044C49C402A9E7B9AE69D1B2AAEE3D166A
Key Created: Mon May 26 11:04:43 2014
Key Expires: Wed Aug 3 11:04:42 2016
Repository: Security - openSUSE 12.3
Do you want to reject the key, trust temporarily, or trust always? [r/t/a/? shows all options] (r): ^Csnap:/home/jeroenp # ^C
snap:/home/jeroenp #
系统不要求信任密钥:
snip:/home/jeroenp # zypper repos -d
# | Alias | Name | Enabled | Refresh | Priority | Type | URI | Service
---+---------------------------+------------------------------------+---------+---------+----------+--------+-------------------------------------------------------------------------------------------------+--------
1 | Security_-_openSUSE_12.3 | Security - openSUSE 12.3 | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/repositories/security/openSUSE_12.3/ |
2 | openSUSE-12.3-1.6 | openSUSE-12.3-1.6 | Yes | No | 99 | yast2 | cd:///?devices=/dev/disk/by-id/ata-VMware_Virtual_IDE_CDROM_Drive_10000000000000000001,/dev/sr0 |
3 | repo-debug | openSUSE-12.3-Debug | No | Yes | 99 | NONE | http://download.opensuse.org/debug/distribution/12.3/repo/oss/ |
4 | repo-debug-update | openSUSE-12.3-Update-Debug | No | Yes | 99 | NONE | http://download.opensuse.org/debug/update/12.3/ |
5 | repo-debug-update-non-oss | openSUSE-12.3-Update-Debug-Non-Oss | No | Yes | 99 | NONE | http://download.opensuse.org/debug/update/12.3-non-oss/ |
6 | repo-non-oss | openSUSE-12.3-Non-Oss | Yes | Yes | 99 | yast2 | http://download.opensuse.org/distribution/12.3/repo/non-oss/ |
7 | repo-oss | openSUSE-12.3-Oss | Yes | Yes | 99 | yast2 | http://download.opensuse.org/distribution/12.3/repo/oss/ |
8 | repo-source | openSUSE-12.3-Source | No | Yes | 99 | NONE | http://download.opensuse.org/source/distribution/12.3/repo/oss/ |
9 | repo-update | openSUSE-12.3-Update | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/12.3/ |
10 | repo-update-non-oss | openSUSE-12.3-Update-Non-Oss | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/12.3-non-oss/ |
snip:/home/jeroenp # zypper update
Loading repository data...
Reading installed packages...
The following package update will NOT be installed:
libudev0
Nothing to do.
snip:/home/jeroenp # snip:/home/jeroenp # zypper refreshRepository 'Security - openSUSE 12.3' is up to date.
Repository 'openSUSE-12.3-1.6' is up to date.
Repository 'openSUSE-12.3-Non-Oss' is up to date.
Repository 'openSUSE-12.3-Oss' is up to date.
Repository 'openSUSE-12.3-Update' is up to date.
Repository 'openSUSE-12.3-Update-Non-Oss' is up to date.
All repositories have been refreshed.
snip:/home/jeroenp #
在openSuSE论坛上,用户Robi Listas给了我一个答案的开始,我完成了。这是摘要:
Zypper不会公开密钥的位置,但是openSuSE上的存储库密钥文件在/var/cache/zypp/raw/*/repodata
哪里*
,您可以从中获取列表中存储库的别名zypper repos
。
我写了一个小的bash repomd_test.sh基于脚本的Tojaj脚本,你可以这样调用每个repodata
目录:
for d in /var/cache/zypp/raw/*/repodata; do ~/repomd_test.sh $d; done
这些目录中的每一个都有三个文件:
repomd.xml
签名的存储库文件(这是XML)repomd.xml.asc
的ASCII“装甲”签名 repomd.xml
repomd.xml.key
用于创建repomd.xml.asc
签名的ASCII公钥然后,对于仓库数据,它会将_添加repomd.xml.key
到密钥环,然后验证repomd.xml
确实与repomd.xml.asc
签名相对应,并打印指纹和元信息(例如到期)。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句