Once upon a time, Mike Pinkerton <pselists@xxxxxxxxxxxxxx> said:
> On 3 May 2013, at 15:07, Chris Adams wrote:
> >Once upon a time, Mike Pinkerton <pselists@xxxxxxxxxxxxxx> said:
> >>Does anaconda check package signatures for the netinstall?
> >
> >I believe so. Checksums are definitely checked (RPM won't install a
> >corrupt package).
>
> Are you sure that signatures are checked? If so, why this feature?

I thought that feature had been implemented, but the status page only shows 5%. The in-package checksums (along similar lines to the DVD media check) are checked, but not the signatures.

However, unless your installer image is signed, checking RPM signatures in anaconda is pointless (which is why the feature you mentioned is based on Secure Boot). If someone was going to the trouble of changing the RPM signatures, they could also change the public keys included in anaconda. You'd have to have signatures for all the installer files (and a way to check them), which is along the lines of the feature you mentioned.

I brought this up before, but didn't really follow up on it:

https://bugzilla.redhat.com/show_bug.cgi?id=117647

Creating a complete chain of trust is hard.

> The repo works fine for yum after installation.

Is it a mirror of the "Fedora" or "Everything" directory? I haven't checked in a bit, but at one point there was some difference between the two related to the comps file (which defines the groups displayed in anaconda). yum would work fine without the comps file (except for groupinstall and such).

> Have you tried doing a netinstall from a specific mirror that you
> specified in the source spoke of anaconda rather than using the
> pre-configured repo? Did it work?

Yes. I operate a mirror server, and then I also have a couple of private mirrors hanging off of it I use for my stuff (one at the office and one at home).
--
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.