Opensuse
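Where does zypper install repository or package signing keys?
I have two nearly identical openSuSE 12.3 virtual machines, `snip` and `snap`. When updating them today, one asked me to confirm a new `repository or package signing key`, and the other did not. I want to make sure I am not doing anything wrong (in case one of them has somehow been compromised), especially since the system that does not ask for the key indicates that all repositories are up to date.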
So:
- Where does zypper install these keys?
- How can I list the installed keys?
- How can I verify that these keys are indeed valid?
The system that asks to trust the key:
```
snap:/home/jeroenp # zypper repos -d
# | Alias | Name | Enabled | Refresh | Priority | Type | URI | Service
---+---------------------------+------------------------------------+---------+---------+----------+--------+-------------------------------------------------------------------------------------------------+--------
1 | Security_-_openSUSE_12.3 | Security - openSUSE 12.3 | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/repositories/security/openSUSE_12.3/ |
2 | openSUSE-12.3-1.6 | openSUSE-12.3-1.6 | Yes | No | 99 | yast2 | cd:///?devices=/dev/disk/by-id/ata-VMware_Virtual_IDE_CDROM_Drive_10000000000000000001,/dev/sr0 |
3 | repo-debug | openSUSE-12.3-Debug | No | Yes | 99 | NONE | http://download.opensuse.org/debug/distribution/12.3/repo/oss/ |
4 | repo-debug-update | openSUSE-12.3-Update-Debug | No | Yes | 99 | NONE | http://download.opensuse.org/debug/update/12.3/ |
5 | repo-debug-update-non-oss | openSUSE-12.3-Update-Debug-Non-Oss | No | Yes | 99 | NONE | http://download.opensuse.org/debug/update/12.3-non-oss/ |
6 | repo-non-oss | openSUSE-12.3-Non-Oss | Yes | Yes | 99 | yast2 | http://download.opensuse.org/distribution/12.3/repo/non-oss/ |
7 | repo-oss | openSUSE-12.3-Oss | Yes | Yes | 99 | yast2 | http://download.opensuse.org/distribution/12.3/repo/oss/ |
8 | repo-source | openSUSE-12.3-Source | No | Yes | 99 | NONE | http://download.opensuse.org/source/distribution/12.3/repo/oss/ |
9 | repo-update | openSUSE-12.3-Update | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/12.3/ |
10 | repo-update-non-oss | openSUSE-12.3-Update-Non-Oss | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/12.3-non-oss/ |
snap:/home/jeroenp # zypper update
Retrieving repository 'Security - openSUSE 12.3' metadata ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------[\]
New repository or package signing key received:
Key ID: 69D1B2AAEE3D166A
Key Name: security OBS Project <security@build.opensuse.org>
Key Fingerprint: AAF3EB044C49C402A9E7B9AE69D1B2AAEE3D166A
Key Created: Mon May 26 11:04:43 2014
Key Expires: Wed Aug 3 11:04:42 2016
Repository: Security - openSUSE 12.3
Do you want to reject the key, trust temporarily, or trust always? [r/t/a/? shows all options] (r): ^C
snap:/home/jeroenp # ^C
snap:/home/jeroenp #
```
The system that does not ask to trust the key:
```
snip:/home/jeroenp # zypper repos -d
# | Alias | Name | Enabled | Refresh | Priority | Type | URI | Service
---+---------------------------+------------------------------------+---------+---------+----------+--------+-------------------------------------------------------------------------------------------------+--------
1 | Security_-_openSUSE_12.3 | Security - openSUSE 12.3 | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/repositories/security/openSUSE_12.3/ |
2 | openSUSE-12.3-1.6 | openSUSE-12.3-1.6 | Yes | No | 99 | yast2 | cd:///?devices=/dev/disk/by-id/ata-VMware_Virtual_IDE_CDROM_Drive_10000000000000000001,/dev/sr0 |
3 | repo-debug | openSUSE-12.3-Debug | No | Yes | 99 | NONE | http://download.opensuse.org/debug/distribution/12.3/repo/oss/ |
4 | repo-debug-update | openSUSE-12.3-Update-Debug | No | Yes | 99 | NONE | http://download.opensuse.org/debug/update/12.3/ |
5 | repo-debug-update-non-oss | openSUSE-12.3-Update-Debug-Non-Oss | No | Yes | 99 | NONE | http://download.opensuse.org/debug/update/12.3-non-oss/ |
6 | repo-non-oss | openSUSE-12.3-Non-Oss | Yes | Yes | 99 | yast2 | http://download.opensuse.org/distribution/12.3/repo/non-oss/ |
7 | repo-oss | openSUSE-12.3-Oss | Yes | Yes | 99 | yast2 | http://download.opensuse.org/distribution/12.3/repo/oss/ |
8 | repo-source | openSUSE-12.3-Source | No | Yes | 99 | NONE | http://download.opensuse.org/source/distribution/12.3/repo/oss/ |
9 | repo-update | openSUSE-12.3-Update | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/12.3/ |
10 | repo-update-non-oss | openSUSE-12.3-Update-Non-Oss | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/12.3-non-oss/ |
snip:/home/jeroenp # zypper update
Loading repository data...
Reading installed packages...
The following package update will NOT be installed:
libudev0
Nothing to do.
snip:/home/jeroenp #
snip:/home/jeroenp # zypper refresh
Repository 'Security - openSUSE 12.3' is up to date.
Repository 'openSUSE-12.3-1.6' is up to date.
Repository 'openSUSE-12.3-Non-Oss' is up to date.
Repository 'openSUSE-12.3-Oss' is up to date.
Repository 'openSUSE-12.3-Update' is up to date.
Repository 'openSUSE-12.3-Update-Non-Oss' is up to date.
All repositories have been refreshed.
snip:/home/jeroenp #
```
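On the openSuSE forums, user Robi Listas gave the start of the answer, which I completed. Here is the summary:
Zypper does not expose the location of the keys, but on openSuSE the repository key files are in `/var/cache/zypp/raw/*/repodata`, where `*` is the alias of a repository from the list you can get with `zypper repos`. Based on Tojaj's script, I wrote a small bash script, `repomd_test.sh`, that you can call for each `repodata` directory like this:

```bash
# Run the check for every cached repodata directory
for d in /var/cache/zypp/raw/*/repodata; do ~/repomd_test.sh "$d"; done
```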
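Each of these directories has three files:
- `repomd.xml`: the signed repository file (this is XML)
- `repomd.xml.asc`: the ASCII "armored" signature of `repomd.xml`
- `repomd.xml.key`: the ASCII public key used to create the `repomd.xml.asc` signature

Then, for each repodata directory, it adds `repomd.xml.key` to the keyring, verifies that `repomd.xml` indeed corresponds to the `repomd.xml.asc` signature, and prints the fingerprint and meta information (such as expiry).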
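
A script in the spirit of the check described above, as an added example; it is not the `repomd_test.sh` from the answer or Tojaj's script. The function name `verify_repodata`, the file name in the usage comment and the exit codes are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: check one repodata directory with gpg, using a throwaway
# keyring instead of adding repomd.xml.key to an existing one.
# Exit status: 0 = signature good, 1 = bad signature,
#              2 = a file is missing, 3 = key import failed.
verify_repodata() (
    dir=$1
    for f in repomd.xml repomd.xml.asc repomd.xml.key; do
        if [ ! -r "$dir/$f" ]; then
            echo "MISSING $dir/$f" >&2
            exit 2
        fi
    done

    # Temporary GnuPG home so the system and user keyrings stay untouched.
    home=$(mktemp -d) || exit 3
    trap 'rm -rf "$home"' EXIT
    chmod 700 "$home"

    gpg --homedir "$home" --batch --quiet --import "$dir/repomd.xml.key" \
        2>/dev/null || exit 3

    # Fingerprint, creation and expiry dates of the imported key.
    gpg --homedir "$home" --batch --fingerprint

    # Does repomd.xml.asc really sign repomd.xml with that key?
    gpg --homedir "$home" --batch --verify \
        "$dir/repomd.xml.asc" "$dir/repomd.xml" || exit 1
)

# Usage (hypothetical file name):
#   ./verify_repodata.sh /var/cache/zypp/raw/*/repodata
status=0
for d in "$@"; do
    echo "== $d"
    verify_repodata "$d" || status=1
done
[ "$status" -eq 0 ] || echo "at least one repodata directory failed" >&2

# A good signature only shows that the three files agree with each other,
# because the key comes from the same directory as the data it signs.
# Compare the printed fingerprint with the one in the zypper prompt, or with
# the same repository on the other machine, before trusting the key.
```

Keys that were accepted with "trust always" are imported into the RPM database, where `rpm -q gpg-pubkey` lists them.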