[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Online_update



> I am trying to make a patch to install an update on my set of suse 8.1
> machines from my local update server.
>
> I have made a build-key for myself, I have added it to
> /usr/lib/rpm/gnupg/pubring.gpg
> I have signed the patch file and the rpm with this build key.
You don't need to sign the patch file. There are only a few places where
signing of the patch file is actually useful (script for version
comparison, that might do something malicious).

I'd take a look at fou4s. [http://fou4s.gaugusch.at]
If you add the gpg key as fully trusted key to the RPM keyring, fou4s will
do updates like this automatic. Fou4s checks the signature of the patch
description file only when it is useful and therefore makes it easier to
write own patch files.

Markus
-- 
__________________    /"\
Markus Gaugusch       \ /    ASCII Ribbon Campaign
markus(at)gaugusch.at  X     Against HTML Mail
                      / \

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here