On 10/02/2017 01:00 AM, Otavio Salvador wrote:
NAK both patches, I'm afraid. gpgcheck and repo_gpgcheck are two different
options, which control different things, and you thoroughly confused them
here.
I did test both patches and this is not what I figured. Did you test it?
Again, 'gpcheck' option has nothing to do with verifying signed package
feeds. NAK.
Oh really? so tell me why it fixed my error?
Without this patch I need to use:
dnf install --nogpgcheck <pkg>
and it is sub-optimal as I did not enabled signed support.
Oe-core has support for two different things:
1. Signing and verifying individual package files. This feature is
controlled by RPM_SIGN_PACKAGES option in build configuration and dnf's
gpgcheck config file option at runtime.
2. Signing and verifying repository metadata. This feature is controlled
by PACKAGE_FEED_SIGN option and repo_gpgcheck config file option
respectively.
The above two things are completely orthogonal, and can be enabled and
disabled independently of each other. Now please look at your patches
keeping this in mind.
I assure you, both of the patches are incorrect. Exactly why is left as
an exercise for the reader.
Alex
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
