[packagekit] GNOME summit and more about GPG keys
rnorwood at redhat.com
Wed Oct 10 07:12:30 PDT 2007
Adrien BUSTANY <madcat at mymadcat.com> writes:
> Robin Norwood wrote:
>> However, one problem is that there isn't a consistent cross-distro way
>> that I know of to name these sorts of deps...so either distros will need
>> to become consistent or the deps need to be generated and maintained
>> Thoughts on this?
> Can't you do a search like "what package provides the file
> /usr/gimp/plugins/xxx" with yum? If not, it would be handy since rpm
> does it with -qf...
That's true, with yum/rpm because rpm provides file deps - but:
o The yum/rpm guys want to move *away* from those, because they're a big
part of what makes yum/rpm slower than apt/deb.
o hardcoding a file path kinda sucks.
o This doesn't count as cross-distribution, since only yum/rpm support
it (for now).
>> And if an unexpected GPG key occurs at some other time, probably just
>> error out...this way, the gpg check occurs early in the transaction,
>> instead of after PK goes away to think for awhile.
> Maybe there should be a frontend to manage yum repos (like Ubuntu
> does). Of course, repo files are standard rpms, but that would be useful
> (maybe we could add a different extension to repo rpms?). That way,
> when the user adds a repo, that frontend would fire up and ask him if he
> trusts the repo (with an option to see the key, and maybe check it
> against a keyserver).
Well, technically repos are just text config files - usually deployed in
rpms, yes. There are a few ways to solve the problem...
o If PK has 'hooks' to install new repos (ie, maybe it recognizes a
'repo' rpm), then we could do the gpg dance at that time.
o You could also run something in the %post of your repo rpm...but that
might be messy.
o The 'have yum notice new repos' thing.
Red Hat, Inc.
"The Sage does nothing, yet nothing remains undone."
-Lao Tzu, Te Tao Ching
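
A sketch of the "notice new repos" option discussed above, as an added example that is not code from this thread, from yum, or from PackageKit: it parses yum-style `.repo` text and lists, for each repo not seen before, the trust decision to put to the user before any transaction starts. The function names, the action labels and the sample repo data are hypothetical.

```python
import configparser

# Constructed sample of yum-style .repo text (not from any real repository).
SAMPLE_REPO = """\
[base]
baseurl=http://mirror.example.invalid/base/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[thirdparty]
baseurl=http://repo.example.invalid/thirdparty/
gpgcheck=1
gpgkey=http://repo.example.invalid/KEY-a
       http://repo.example.invalid/KEY-b

[nosig]
baseurl=http://repo.example.invalid/nosig/
gpgcheck=0
"""

def parse_repos(text):
    """Return {repo_id: {"enabled", "gpgcheck", "gpgkeys"}} from .repo text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    repos = {}
    for repo_id in cp.sections():
        sec = cp[repo_id]
        repos[repo_id] = {
            "enabled": sec.get("enabled", "1").strip() == "1",
            # Assumption for this example: a missing gpgcheck counts as off.
            "gpgcheck": sec.get("gpgcheck", "0").strip() == "1",
            "gpgkeys": sec.get("gpgkey", "").split(),  # may list several URLs
        }
    return repos

def pending_trust_decisions(text, known_repo_ids):
    """List enabled repos not seen before, with the question to ask up front."""
    pending = []
    for repo_id, r in sorted(parse_repos(text).items()):
        if repo_id in known_repo_ids or not r["enabled"]:
            continue
        if not r["gpgcheck"]:
            action = "warn-unsigned"   # packages would install unverified
        elif r["gpgkeys"]:
            action = "confirm-keys"    # show the keys, ask whether to trust
        else:
            action = "error-no-key"    # signed repo with no key to offer
        pending.append((repo_id, action, r["gpgkeys"]))
    return pending
```
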