Apologies for not knowing this, which should be pretty simple…
From time to time if I need to get a package that is not available in the regular repos, but is only available from someone’s community repository on the build service. I have from time to time either added their repo or just downloaded the package I was looking for.
But one thing consistently eludes me - where do I find the gpg signing key so that I can import it? I feel like I compromise my system if I just ignore the signing key and install it regardless.
All the instructions I have found seem to be only about how to set up the proper signing key if you are a builder of packages, not if you are a regular user like me that just wants to download someone else’s package.
I think it does that if I add the whole repository, but not if I want to just download a single package.
Here is an example, and this pretty much works for any package that I have downloaded for the build service.
I downloaded libdvdcss2 from someone’s repo because I don’t want to add his/her entire repo, but just install the single package.
> zypper in libdvdcss2
Loading repository data...
Reading installed packages...
Resolving package dependencies...
The following NEW package is going to be installed:
libdvdcss2
1 new package to install.
Overall download size: 71.4 KiB. Already cached: 0 B. After the operation, additional 177.3 KiB will be used.
**Continue? [y/n/v/...? shows all options] (y): **y
Retrieving package libdvdcss2-1.4.3-4.2.x86_64 (1/1), 71.4 KiB (177.3 KiB unpacked)
libdvdcss2-1.4.3-4.2.x86_64.rpm:
Header V3 RSA/SHA256 Signature, key ID 98ebc913390e2d7d: NOKEY
V3 RSA/SHA256 Signature, key ID 98ebc913390e2d7d: NOKEY
warning: /home/george/Downloads/AASyncToDell/libdvdcss/libdvdcss2-
So on downloading the package, there is nothing there that asks if I can import the package signing key. I can try adding the repo for this single package, which will then offer to import the signing key, but it seems like overkill. Not only that, the build service offers the option of downloading the single package instead of adding the entire repo, only to remove it after installing the package you need. So it seems like if the build service says that you can download a single package, there must be some easy way to import the gpg key for build service packages, but I can’t figure out where that is.
So you chose expert option and then complain that expert option is too complicated.
URL to GPG key for each repository is the value of gpgkey in file <project name>.repo in root directory of this repository. Download file, extract value of gpgkey, download key. This can easily be automated.
Or use osc as I already told you. Is not that difficult either.
