diff options
Diffstat (limited to 'meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch')
-rw-r--r-- | meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch b/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch new file mode 100644 index 0000000000..07a0cfa300 --- /dev/null +++ b/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch | |||
@@ -0,0 +1,27 @@ | |||
1 | disable external key server | ||
2 | |||
3 | Upstream-Status: Pending | ||
4 | |||
5 | When RPM experiences a signed package, with a signature that it does NOT know. | ||
6 | By default it will send the -fingerprint- (and only the 16 digit fingerprint) to | ||
7 | an external HKP server, trying to get the key down. | ||
8 | |||
9 | This is probably not a reasonable default behavior for the system to do, instead | ||
10 | it should simply fail the key lookup. If someone wants to enable the HKP server | ||
11 | it's easy enough to do by enabling the necessary macros. | ||
12 | |||
13 | Signed-off-by: yzhu1 <yanjun.zhu@windriver.com> | ||
14 | Signed-off-by: Mark Hatle <mark.hatle@windriver.com> | ||
15 | --- a/macros/macros.in | ||
16 | +++ b/macros/macros.in | ||
17 | @@ -546,8 +546,8 @@ $_arbitrary_tags_tests Foo:Bar | ||
18 | # Horowitz Key Protocol server configuration | ||
19 | # | ||
20 | #%_hkp_keyserver hkp://keys.n3npq.net | ||
21 | -%_hkp_keyserver hkp://pool.sks-keyservers.net | ||
22 | -%_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search= | ||
23 | +#%_hkp_keyserver hkp://pool.sks-keyservers.net | ||
24 | +#%_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search= | ||
25 | |||
26 | |||
27 | %_nssdb_path /etc/pki/nssdb | ||