Where are the imported keys when adding external repo located?

English Install/Boot/Login
1

When I select “yes” to “Import Untrusted GnuPG Key” and “Unknown GnuPG Key”, where are these keys located, so I could copy it and save it?

This sound a bit weird, but I’m am playing with KIWI to build my own openSUSE TW spin. I add 3rd party repo, but in the very beginning that YaST package management was launch, it will import keys from 3rd party repo and ask if I trust it.

I just want to remove that completely (for only those repo that I add myself), so I will not be ask again when install on a new computer.

I thinking of copying the keys and the configs of the 3rd party repo, but not sure where is it. Thanks.

2

I’m not sure exactly where they are stored, but it is something to do “rpm” and its data.

You can list all of the keys with Yast Software Repositories (click on gpgkeys). You can install a key with “rpmkeys --import”.

3

Hi
If you set the imageinclude=“true” in config.xml it should import the keys and retain on the image?

There is also an option in config.sh that imports the build key, I’m guessing something similar needs to be done for other repos. I grab a few rpms from my repositories, but have them set to false.

When a repository is added, it adds the key as gpg-pubkey-xxxxxxxx-xxxxxxxx in the rpm database.

4

I’m a bit lost of where is the link to the keys.
For example, I add Packman repo to config.xml.

<repository type=“yast2” alias=“Packman” imageinclude=“true” priority=“99”>
<source path=“http://packman.inode.at/suse/openSUSE_Tumbleweed/”/>
</repository>

and add key to config.sh, I tried putting both key, but it still ask if I want to import key.
suseImportBuildKey http://packman.inode.at/suse/openSUSE_Tumbleweed/repodata/repomd.xml.key
suseImportBuildKey http://packman.inode.at/suse/openSUSE_Tumbleweed/

5

I think I solved it, just put the keys into /root/usr/lib/rpm/gnupg/keys/

6

Last I checked,
on the client side the key is written into the repo configuration file, it’s not kept somewhere else.

But,
With openSUSE,
Unlike other distros you can be shielded from having to do anything with managing keys (ie manually installing, configuring, even knowing where and how keys are stored)

Info is in the zypper MAN pages, but is also in my zypper Wiki on most common commands used in scripted installs
https://en.opensuse.org/User:Tsu2/BASH_zypper

And, an example how to add a repo, automatically accept and install repo keys and more…
https://github.com/putztzu/lc0/blob/master/install_openSUSE_lc0.sh

TSU

7

Hi
With kiwi and images, that’s not how the workflow runs… the image is built by adding the specified repositories, downloading and adding packages to the image as required. The user can either set to remain with the image or not.

For example, I grab some packages from my testing repository, but only active for building (as in adding the requested packages), the repository is not included in the image when run;


    <repository type="yast2" alias="Testing" imageinclude="false">
        <source path="https://download.opensuse.org/repositories/home:/malcolmlewis:/TESTING/openSUSE_Tumbleweed/"/>
    </repository>
8

Perhaps I should review the recommended way to add a Kiwi repository,
I can certainly see how declaring a repository can work,
I guess my personal approach to the Kiwi projects I worked on was not too different than creating a Dockerfile,
I scripted the setup (rather than declared) repositories and they worked just fine.

TSU