diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch')
-rw-r--r-- | import-layers/yocto-poky/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch b/import-layers/yocto-poky/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch new file mode 100644 index 000000000..a08412aa9 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch @@ -0,0 +1,31 @@ +disable external key server + +Upstream-Status: Pending + +When RPM experiences a signed package, with a signature that it does NOT know. +By default it will send the -fingerprint- (and only the 16 digit fingerprint) to +an external HKP server, trying to get the key down. + +This is probably not a reasonable default behavior for the system to do, instead +it should simply fail the key lookup. If someone wants to enable the HKP server +it's easy enough to do by enabling the necessary macros. + +Signed-off-by: yzhu1 <yanjun.zhu@windriver.com> +Signed-off-by: Mark Hatle <mark.hatle@windriver.com> +Index: rpm/macros/macros.in +=================================================================== +--- rpm.orig/macros/macros.in ++++ rpm/macros/macros.in +@@ -563,10 +563,10 @@ $_arbitrary_tags_tests Foo:Bar + + # Horowitz Key Protocol server configuration + # +-%_hkp_keyserver hkp://keys.rpm5.org ++#%_hkp_keyserver hkp://keys.rpm5.org + #%_hkp_keyserver hkp://keys.n3npq.net + #%_hkp_keyserver hkp://pool.sks-keyservers.net +-%_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search= ++#%_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search= + + + # NSS_InitContext() parameter configuration |