[Triumf-linux-managers] Fix for latest SL4, SL5 unsigned java packages

Kelvin Raywood kray at triumf.ca
Tue Jan 15 12:05:26 PST 2008


Thanks Konstantin,

It's really annoying that the SL maintainers put these unsigned RPMS in 
with the security updates.

For those using the TRIUMF rpms, I am working on a modification to the 
yum configuration that will exclude the java and jdk rpms from the SL 
updates so as to avoid the failing updates.  I'll add these rpms to a 
separate triumf-unsigned repository with a separate yum config that does 
not do signature checking.

Or, I could possibly sign the rpms myself using the TRIUMF-core 
signature that I use for signing other rpms.  I'm not particularly 
thrilled at the idea of signing these rpms but it might be the safest 
way to go.

Any thoughts?

Kel Raywood
TRIUMF Network and Computing services

Konstantin Olchanski wrote:
> Folks - a whole new bunch of unsigned java packages just arrived
> from the good SL maintainers. These unsigned packages make the
> nightly yum updates not work.
> 
> Because yum normally refuses to install unsigned packages, you all are
> welcome to install them manually using these scripts
> for SL4 and SL5 respectively:
> 
> /triumfcs/trshare/olchansk/linux/triumf-update/fix-SL4-java.sh
> /triumfcs/trshare/olchansk/linux/triumf-update/fix-SL5-java.sh
> 
> (do look inside the scripts - all they do is save you some typing).
> 
> Note - package signature checking in yum is the only thing that
> protects your machine from being owned by any lazy hacker who
> could be bothered with hacking mirror.triumf.ca
> or ftp.scientificlinux.org or with tricking DNS into redirecting
> ftp.scientificlinux.org into a trojan ftp site full of trojan rpms.
> 
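An added example, not part of either message: a small audit of yum repo configuration that lists every repository installing packages without a signature check and tests whether a given package name could arrive through one. The repo ids, URLs and the use of `includepkgs` to narrow the unsigned repository are assumptions for illustration, not the TRIUMF configuration.

```python
import configparser
from fnmatch import fnmatch

# Constructed sample: an SL repo that excludes the java/jdk rpms, a separate
# unsigned repo limited to them, and an unrestricted unsigned repo.
SAMPLE = """\
[main]
gpgcheck=1

[sl-security]
baseurl=http://mirror.example.org/sl/security/
exclude=java* jdk*

[triumf-unsigned]
baseurl=http://mirror.example.org/triumf-unsigned/
gpgcheck=0
includepkgs=java* jdk*

[local-test]
baseurl=http://mirror.example.org/test/
gpgcheck=0
"""

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def _globs(cp, repo, key):
    # yum package lists are whitespace separated; commas are tolerated here.
    return cp.get(repo, key, fallback="").replace(",", " ").split()

def unchecked_repos(text):
    """Map each repo that skips signature checks to its includepkgs globs."""
    cp = _parse(text)
    # [main] sets the default for every repo; yum's built-in default is 0.
    default = cp.getboolean("main", "gpgcheck", fallback=False)
    return {repo: _globs(cp, repo, "includepkgs")
            for repo in cp.sections()
            if repo != "main"
            and not cp.getboolean(repo, "gpgcheck", fallback=default)}

def unverified_sources(text, package):
    """Repos that could supply `package` (name glob match) with no check."""
    cp = _parse(text)
    return [repo for repo, allowed in unchecked_repos(text).items()
            if (not allowed or any(fnmatch(package, g) for g in allowed))
            and not any(fnmatch(package, g) for g in _globs(cp, repo, "exclude"))]
```

An empty glob list in the result means the repository accepts any package unsigned, which is the case the quoted note warns about.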


