From Fedora Project Wiki

mNo edit summary
mNo edit summary
Line 8: Line 8:
<pre>
<pre>
OpenGPGCheck = yes
OpenGPGCheck = yes
OpenGPGPublicKeys = /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora, /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora
</pre>
</pre>


Set ''OpenGPGCheck'' to ''yes''.
Set ''OpenGPGCheck'' to ''yes''.
Add path to GPG signature, delimited by colon.
 
You can add/remove gpg keys in /etc/abrt/gpg_keys every key has to be on the new line.
Restart ABRT: <pre># service abrtd restart</pre>
Restart ABRT: <pre># service abrtd restart</pre>


Install package from the repository to which the new GPG key belongs to. Crash an application from this package - abrt should ignore it this time. Leave gpg check on and import the gpg key from the repo (if you haven't already).  Add the gpg key into ABRT config, crash something from the package - and this time it should be reported.  
Install package from the repository to which the new GPG key belongs to. Crash an application from this package - abrt should ignore it this time. Leave gpg check on and import the gpg key from the repo (if you haven't already).  Add the gpg key into ABRT config, crash something from the package - and this time it should be reported.  


'''<fixme: which repository to add as an example? how to install gpg key?>'''
You can [http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-rawhide.noarch.rpm add] RPMFusion repository, install some package from this repository and kill the app from this
package.
 
# ABRT should ignore by default
# If you want ABRT to not ignore this packages you need to:
## add /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-* keys (depends on which repo do you use) to /etc/abrt/gpg_keys
## restart abrtd
 


|results=
|results=

Revision as of 13:24, 18 March 2010

Description

This is testing ABRT GPG check using custom GPG Keys That means you can add other trusted GPG keys used to sign packages from some repository (e.g. RPM Fusion). See also QA:Testcase_abrt_GPG_check.

This test case can't be tested on Rawhide or provided LiveCD because the packages are not properly signed in these distributions.


How to test

Edit config file /etc/abrt/abrt.conf, where you should find lines: 

OpenGPGCheck = yes

Set OpenGPGCheck to yes.

You can add/remove gpg keys in /etc/abrt/gpg_keys every key has to be on the new line.

Restart ABRT: 

# service abrtd restart

Install package from the repository to which the new GPG key belongs to. Crash an application from this package - abrt should ignore it this time. Leave gpg check on and import the gpg key from the repo (if you haven't already). Add the gpg key into ABRT config, crash something from the package - and this time it should be reported.

You can add RPMFusion repository, install some package from this repository and kill the app from this package.

  1. ABRT should ignore by default
  2. If you want ABRT to not ignore this packages you need to:
    1. add /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-* keys (depends on which repo do you use) to /etc/abrt/gpg_keys
    2. restart abrtd

Expected Results

ABRT should notice only crashes of applications from signed packages when OpenGPGCheck = yes, it should ignore packages from unsupported archives

Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_ABRT_GPG_Keys&oldid=160222"