Patrick Williams | c124f4f | 2015-09-15 14:41:29 -0500 | [diff] [blame] | 1 | disable external key server |
| 2 | |
| 3 | Upstream-Status: Pending |
| 4 | |
| 5 | When RPM experiences a signed package, with a signature that it does NOT know. |
| 6 | By default it will send the -fingerprint- (and only the 16 digit fingerprint) to |
| 7 | an external HKP server, trying to get the key down. |
| 8 | |
| 9 | This is probably not a reasonable default behavior for the system to do, instead |
| 10 | it should simply fail the key lookup. If someone wants to enable the HKP server |
| 11 | it's easy enough to do by enabling the necessary macros. |
| 12 | |
| 13 | Signed-off-by: yzhu1 <yanjun.zhu@windriver.com> |
| 14 | Signed-off-by: Mark Hatle <mark.hatle@windriver.com> |
| 15 | --- a/macros/macros.in |
| 16 | +++ b/macros/macros.in |
| 17 | @@ -546,8 +546,8 @@ $_arbitrary_tags_tests Foo:Bar |
| 18 | # Horowitz Key Protocol server configuration |
| 19 | # |
| 20 | #%_hkp_keyserver hkp://keys.n3npq.net |
| 21 | -%_hkp_keyserver hkp://pool.sks-keyservers.net |
| 22 | -%_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search= |
| 23 | +#%_hkp_keyserver hkp://pool.sks-keyservers.net |
| 24 | +#%_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search= |
| 25 | |
| 26 | |
| 27 | %_nssdb_path /etc/pki/nssdb |