Re: FYI: adding own RPMs to a SLES10 inst. source

Hi,

here is some additional information about the process of adding own RPMs
to a SLES10/SL10.1 installation source.

In the post-beta10/RC1 phase a security feature was invented, that the
installer accepts only signed files on the installation source. If yast detects
unsigned files during a manual installation, it'll ask the user what to do.

For autoyast I have implemented a new section to configure the default
behaviour (the answers) for those questions.

<general>
  <signature-handling>
      <accept_unsigned_file         
config:type="boolean">true</accept_unsigned_file>
      <accept_file_without_checksum 
config:type="boolean">true</accept_file_without_checksum>
      <accept_verification_failed   
config:type="boolean">true</accept_verification_failed>
      <accept_unknown_gpg_key       
config:type="boolean">true</accept_unknown_gpg_key>
  </signature-handling>

If you don't configure one of those values, autoyast will let yast
decide what to do with the missing one. That might differ from product
to product but I guess the default for SLES10 is "false" to all.

If you want to use unsigned installation sources with unsigned RPMs,
set accept_unsigned_file and accept_file_without_checksum to "true".

If you want to accept signed RPMs even if the verficiation of the signature 
fails, 
set accept_verification_failed to true (I don't recommend that by the way).

If you want to import a new gpg key to the database (maybe your own one), set
accept_unknown_gpg_key to true.

The <signature-handling> section is available with RC3.

-- 
ciao, Uwe Gansert

Uwe Gansert, Server Technologies Team
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg, Germany
e-mail: uwe.gansert@xxxxxxx, Tel: +49-(0)911-74053-0,
Fax: +49-(0)911-74053-476, Web: http://www.suse.de