Thanks for advice!
I tried to put my key into /usr/share/distribution-gpg-keys/local and into
/usr/share/distribution-gpg-keys/centos on both host
system and mock chroot. Regrettably I had the same error.
What's interesting is that this worked properly with mock v 1.4 The problems started
when I upgraded to mock 2.6. Currently I'm
testing on mock 2.8 from epel.
Rgrds,
On 22.01.2021 11:39, Pavel Raiskup wrote:
On Friday, January 22, 2021 8:55:02 AM CET Daniel Mach wrote:
> Isn't the problem that mock uses rpm and dnf from the host environment
> and expects the GPG key to be there too?
That would be good guess, with '--no-bootstrap-chroot'. But nowadays there are
two steps by default:
* Host RPM/DNF installs target RPM/DNF into "bootstrap" chroot
* RPM/DNF from bootstrap is used to install the final chroot
And so the gpg keys need to be available in bootstrap chroot, and
sometimes also on host, depending on use-case.
There's a mock's internal method [1] which copies GPG keys into both
bootstrap and normal chroot, but it only looks at
/usr/share/distribution-gpg-keys - so the easiest way is to put the custom
GPG keys there. Sometimes it might be a good idea to talk to
distribution-gpg-keys [2] maintainer (Mirek Suchý) and include the keys
there by default.
[1]
https://github.com/rpm-software-management/mock/blob/cbee491d6309222e70f5...
[2]
https://github.com/xsuchy/distribution-gpg-keys
Pavel
> The point is that mock has to be able to install into empty chroots and
> that's why it's using package manager and configuration from the host
> environment.
>
> Dne 21. 01. 21 v 21:30 Michael Ivanov napsal(a):
>> Hallo,
>>
>> I have the following problem: I'm trying to install rpm packages, signed
>> with my local key, into mock chroot.
>>
>> I use the following procedure:
>>
>> Create chroot:
>> mock --arch=x86_64 -r rpm/cs8.cfg --init
>> Copy my rpm key file into chroot:
>> mock --arch=x86_64 -r rpm/cs8.cfg --cache-alterations --copyin
>> /etc/pki/rpm-gpg/Local-KEY /etc/pki/rpm-gpg
>> Install my package into chroot:
>> mock --arch=x86_64 -r rpm/cs8.cfg --cache-alterations --install
>> my-rpm-package
>>
>> During package install I get the following error:
>>
>> Curl error (37): Couldn't read a file:// file for
>> file:///etc/pki/rpm-gpg/Local-KEY [Couldn't open file
>> /etc/pki/rpm-gpg/Local-KEY]
>>
>> I check chroot contents with:
>> mock --arch=x86_64 -r rpm/cs8.cfg --shell "ls -l
>> /etc/pki/rpm-gpg/Local-KEY"
>>
>> and it shows me that the file is present. I doublecheck with:
>>
>> ls -l /var/lib/mock/cs8/root/etc/pki/rpm-gpg
>>
>> and this also shows that file is present. The file is also present on
>> host system in /etc/pki/rpm-gpg
>>
>> What I'm doing wrong?
>>
>> Best regards,
>>
>> --
>> \ / | |
>> (OvO) | Михаил Иванов |
>> (^^^) | |
>> \^/ | E-mail:ivans@isle.spb.ru |
>> ^ ^ | |
>>
>>
>> _______________________________________________
>> buildsys mailing list -- buildsys(a)lists.fedoraproject.org
>> To unsubscribe send an email to buildsys-leave(a)lists.fedoraproject.org
>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedoraproject.org/archives/list/buildsys@lists.fedoraprojec...
>>
> _______________________________________________
> buildsys mailing list -- buildsys(a)lists.fedoraproject.org
> To unsubscribe send an email to buildsys-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/buildsys@lists.fedoraprojec...
>
_______________________________________________
buildsys mailing list -- buildsys(a)lists.fedoraproject.org
To unsubscribe send an email to buildsys-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/buildsys@lists.fedoraprojec...
--
\ / | |
(OvO) | Mikhail Iwanow |
(^^^) | |
\^/ | E-mail: ivans(a)isle.spb.ru |
^ ^ | |
--
\ / | |
(OvO) | Михаил Иванов |
(^^^) | Тел.: +7(911) 223-1300 |
\^/ | E-mail: ivans(a)isle.spb.ru |
^ ^ | |