repomanager icon indicating copy to clipboard operation
repomanager copied to clipboard

Published 20 hours ago verified publisher icon lbr38

Feature Request - Ability to choose to skip rpms who fail gpg check

Open JamesXNelson opened this issue 9 months ago • 5 comments

While mirroring temurin jdk from adoptium, we hit issues w/ some rpms that reliably failed signature checks.

Rather than break the whole mirror, it would be nice to have a checkbox to simply skip any files that failed their checks.

Obviously better to get upstream to not publish junk, but we live in an imperfect world. ^-^

JamesXNelson avatar May 07 '24 02:05 JamesXNelson

Can you give me the source URL, the release version and the architecture(s) you're trying to mirror please?

I'll see what I can do.

lbr38 avatar May 07 '24 09:05 lbr38

Currently adding and testing two new settings that should help you handle rpm with invalid signature:

  • When package signature is missing
  • When package signature is invalid

With three possible options:

Capture d’écran du 2024-05-08 14-50-32

This is working fine with adoptium repo. Should be available in the next release.

lbr38 avatar May 08 '24 12:05 lbr38

wow! you rock!!

Sorry I didn't get you those urls.

I'll make sure to pull this and try it out when we do the next scheduled mirroring.

JamesXNelson avatar May 10 '24 16:05 JamesXNelson

for deb (the Release vs InRelease) bits: https://packages.adoptium.net/artifactory/api/gpg/key/public https://packages.adoptium.net/artifactory/deb jammy main

JamesXNelson avatar May 10 '24 16:05 JamesXNelson

Hello

Please update your docker image to the latest version 4.1.0

You will be able to skip rpms with missing/invalid signature by using the When package signature is missing and When package signature is invalid settings from the SETTINGS tab.

Let me know if it's all good.

Thanks!

lbr38 avatar May 13 '24 18:05 lbr38

I guess this is OK

Closing

lbr38 avatar May 25 '24 08:05 lbr38