Results 1 to 9 of 9

Thread: zypper ignoring the "--allow-unsigned-rpm" option

  1. #1

    Default zypper ignoring the "--allow-unsigned-rpm" option

    I have a couple of programs that are distributed cryptographically unsigned. I use a script to install updates; it is run once a week. To update the unsigned packages I added the "--allow-unsigned-rpm" option. It is ignored by zypper. The "install" command is used instead of "update" since update does not have the unsigned option.

    Where have I gone astray?

    Code:
    $ zypper help install
    install (in) [OPTIONS] <CAPABILITY|RPM_FILE_URI> ...
        --allow-unsigned-rpm    Silently install unsigned rpm packages given as commandline parameters.
                                Default: false
    Code:
    zypper --non-interactive --ignore-unknown --no-cd install --auto-agree-with-licenses --allow-unsigned-rpm jalbum
    yields

    Code:
    1 package to upgrade.
    Overall download size: 99.5 MiB. Already cached: 0 B. After the operation, additional 16.8 MiB will be used.
    Continue? [y/n/v/...? shows all options] (y): y
    Retrieving package jalbum-18.3-1.x86_64 (1/1),  99.5 MiB (233.8 MiB unpacked)
    Retrieving: jalbum-18.3-1.x86_64.rpm [......done (569.7 KiB/s)]
    jalbum-18.3-1.x86_64.rpm:
        Package is not signed!
    
    jalbum-18.3-1.x86_64 (jalbum): Signature verification failed [6-File is unsigned]
    Abort, retry, ignore? [a/r/i] (a): a
    Problem occurred during or after installation or removal of packages:
    Installation has been aborted as directed.
    Please see the above error message for a hint.

  2. #2
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    20,039
    Blog Entries
    14

    Default Re: zypper ignoring the "--allow-unsigned-rpm" option

    Choose 'i" for ignore. No other way you can install this package. I wouldn't, but it's your system. :-)
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  3. #3

    Default Re: zypper ignoring the "--allow-unsigned-rpm" option

    Quote Originally Posted by Knurpht View Post
    Choose 'i" for ignore.
    The command in a script, hence the "--non-interactive" option.
    AIUI using the "--allow-unsigned-rpm" option should prevent this:
    Code:
    jalbum-18.3-1.x86_64 (jalbum): Signature verification failed [6-File is unsigned]
    Abort, retry, ignore? [a/r/i] (a): a
    Or should insert "i" instead of "a"?

  4. #4
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,378

    Default Re: zypper ignoring the "--allow-unsigned-rpm" option

    Quote Originally Posted by jimoe666 View Post

    Code:
    zypper --non-interactive --ignore-unknown --no-cd install --auto-agree-with-licenses --allow-unsigned-rpm jalbum
    There is no zypper command there, I assume you forgot the install.

    This is why we ask to copy/paste complete from your terminal: prompt and command line, lines of output and new prompt line. No changes, no shortcuts. Only so will people trust that they see exactly what you saw.
    Henk van Velden

  5. #5

    Default Re: zypper ignoring the "--allow-unsigned-rpm" option

    Quote Originally Posted by hcvv View Post
    There is no zypper command there, I assume you forgot the install.
    The install command there
    Code:
    zypper --non-interactive --ignore-unknown --no-cd install --auto-agree-with-licenses --allow-unsigned-rpm jalbum

  6. #6

    Default Re: zypper ignoring the "--allow-unsigned-rpm" option

    An alternate method for achieving the update of unsigned packages is to modify the repo.
    Code:
    zypper modifyrepo --gpgcheck-allow-unsigned-package <repo-name>
    Since, in this case, there is only one package distributed by the repo, the risk seems minimal.

  7. #7
    Join Date
    Sep 2012
    Posts
    5,230

    Default Re: zypper ignoring the "--allow-unsigned-rpm" option

    This option applies to RPM package files that are installed directly. There is no option to override configured repository behavior during installation of individual package from it, you can only disable GPG check globally for the whole repository.

  8. #8
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,378

    Default Re: zypper ignoring the "--allow-unsigned-rpm" option

    Quote Originally Posted by jimoe666 View Post
    The install command there
    Code:
    zypper --non-interactive --ignore-unknown --no-cd install --auto-agree-with-licenses --allow-unsigned-rpm jalbum
    Sorry, see it now. It is rather hidden between the general and the command specific options, but nevertheless, i should have seen it.
    Henk van Velden

  9. #9
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,462
    Blog Entries
    2

    Default Re: zypper ignoring the "--allow-unsigned-rpm" option

    Code:
    zyppper in --allow-unsigned-rpm package_name
    That's an interesting option that seems to be rather new, it's not mentioned in any older versions of zypper.
    Maybe it's buggy.

    On the other hand, it's my impression that normally when an unsigned package is encountered(or any other minor defect) the User is prompted to confirm installation and the default is to accept.
    If that's the case, then the option to automatically accept should work which has always existed
    Code:
    zypper -n in -y package_name
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •