[gobolinux-users] The package for hungarian OpenOffice2.0.4
jonka750 at student.liu.se
Mon Nov 13 15:16:10 UTC 2006
2006/11/13, Andy Feldman <nereusren at gmail.com>:
> On 11/13/06, Jonas Karlsson <jonka750 at student.liu.se> wrote:
> > 2006/11/13, Viola Zoltán <violazoli at gmail.com>:
> > > In the install process this write "Invalid signature" error, but this
> > > is not a problem.
> > Why does it complain about a signature? I assume you don't have singed
> > the package before creating it. I really recommend that you do sign it
> > and repackage it. If it isn't signed because you don't have a gpg key
> > to sign with, I suggest you get one.
> > First you need gnupg. Install it with 'Compile gnupg 1.4.5' or use the
> > package (that I've created) in the contribute store 'InstallPackage
> > http://www.midgard.liu.se/~n02jonka/gobolinux/packages/contrib/GnuPG--1.4.5--i686.tar.bz2'
> > (change the mirror to the one closest to you).
> > Then generate a gpg key by issuing 'gpg --gen-key' (the defaults are ok).
> > When you have a key, sign the program with 'SignProgram OpenOffice 2.0.4'.
> If he signs the package, how should others get his key in order to
> verify it? For example, when I download your GnuPG package, it errors
> out with "Invalid signature," with no option to install it anyway.
My bad if that's the case, but I believe that one could install user
signed packages without getting invalid signature. There was a change
in the singning procedure a while ago, perhaps the package was signed
before that and therefore have a bad signature. I don't have access to
a gobo system atm, so I can't verify. What does InstallPackage say
more than 'nvalid signature'? Does it say anything more, like that
some files are missing or aren't signed?
> I was under the impression that user-signing of packages was not in a
> good state yet, but if that's not true I'd love to hear more about it.
Well, I can't tell from here, but I might be wrong. I thought that one
could install contributed packages and get that the signature was ok.
I haven't loked at that part lately, but the reason I might be wrong
is that the only contributed packages I have installed lately is
created by myself (and I can verify my own signature :*) ).
I'll look into it when I get home.
More information about the gobolinux-users