在 http://yum.neo4j.org/有使用yum repo的说明,首先从 http://debian.neo4j.org/neotechnology.gpg.key 安装公钥。 安装该密钥后,RPM 将其显示为已安装,
bash$ rpm -qa gpg-pubkey'*'
gpg-pubkey-c105b9de-4e0fd3a3
gpg-pubkey-01182252-544ee144
bash$ rpm -qi `rpm -qa gpg-pubkey'*' | sed 1d` | sed /BEGIN/q
Name : gpg-pubkey Relocations: (not relocatable)
Version : 01182252 Vendor: (none)
Release : 544ee144 Build Date: Wed 19 Nov 2014 02:08:02 PM UTC
Install Date: Wed 19 Nov 2014 02:08:02 PM UTC Build Host: localhost
Group : Public Keys Source RPM: (none)
Size : 0 License: pubkey
Signature : (none)
Summary : gpg(Neo Technology Admins <admins@neotechnology.com>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
bash$
。但是 yum 获得的 RPM 不会通过签名检查安装。打开了。 它似乎想要的不是键01182252而是键 2dc499c3:
bash$ sudo yum install -y neo4j 2>&1 | tail
================================================================================
Install 1 Package(s)
Total size: 40 M
Installed size: 45 M
Downloading Packages:
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID 2dc499c3: NOKEY
Public key for neo4j-2.1.5-1.noarch.rpm is not installed
bash$
可以忽略 debian.neo4j.org 的密钥,而是查询 gnupg 的默认密钥服务器:
bash$ gpg --recv-keys 2dc499c3
gpg: requesting key 2DC499C3 from hkp server keys.gnupg.net
gpg: /home/vagrant/.gnupg/trustdb.gpg: trustdb created
gpg: key 2DC499C3: public key "Neo Technology Admins <admins@neotechnology.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
bash$
然后,在将其导入RPM的密钥数据库后,yum将安装neo4j:
bash$ gpg --export -a 2dc499c3 > ~/tmp/neo4j.asc
bash$ sudo rpm --import ~/tmp/neo4j.asc
bash$ sudo yum install -y neo4j
。
Complete!
bash$
这把钥匙现在是权威的吗?
bash$ rpm -qi `rpm -qa gpg-pubkey* | grep 2dc499c3`
Name : gpg-pubkey Relocations: (not relocatable)
Version : 2dc499c3 Vendor: (none)
Release : 508bf4b0 Build Date: Wed 19 Nov 2014 08:19:42 PM UTC
Install Date: Wed 19 Nov 2014 08:19:42 PM UTC Build Host: localhost
Group : Public Keys Source RPM: (none)
Size : 0 License: pubkey
Signature : (none)
Summary : gpg(Neo Technology Admins <admins@neotechnology.com>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.8.0 (NSS-3)
mQENBFCL9LABCACkBWFOHoSZ+xaIjh8FprxFhHW+StN++1mySKLGd4GoQqZLZsfB
h4MyoZDx/BUY4T+uO2w+YBfSS+CijLjXnaaPN4D1C0+YDEIWhn0Nq7CV42NcXg6m
oUYz+qe+0tTYuuCxIMnb9qdGsK7/WySgUBPgcTo40QrRzj1WYAL8xznjyF6IVJot
pH7tk9hqKTM6bDYxd969wpE7NvPUWOsl4a+JMEY+ErM19y9j7W+bwf36mtcs5cyO
DyIFw/4WVdBZouYBYe2OEO8Ak4SY4XCb/cFWquy3wLM8BfZB9Uj1BHjMacVkmCNx
Dadc+jraQZItRenQzyk0zauA79BAJ24onYjvABEBAAG0ME5lbyBUZWNobm9sb2d5
IEFkbWlucyA8YWRtaW5zQG5lb3RlY2hub2xvZ3kuY29tPokBPgQTAQIAKAUCUIv0
sAIbAwUJA8JnAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQtzpfli3EmcOq
PAf9ElDmc/HJ3hRQwA4IEpNF+IjRktkLjSUQMdaqprA4UGKQwNjuq/GSl4/XXm8V
8m0tTtQpzzzn9cYGF41TNPdx2V2cG9UHd62BqUYm60Qc1GdIos2Dpwd3gJaSktYH
mLa8eiYwDffOuQMy5peKu0vB4xsgy+OBz4vk6fAUBsVCVuQZrQWQ9Hm9AMqMYPuG
n3J2E4XfpN7KoAfylRelqvnhdhYL/fhqW0/fiNFHPmu/Z+ksWgaAHrxK9h8Fr0aG
gAwsQxupyNLNjxUSGWg1cV7afF/xmTvFQi8XjxIy6daAOoLahI1utOP6Zo7cvhdU
5q5wtSo5HT7CGm/Ym2dP/kROtw==
=2b2E
-----END PGP PUBLIC KEY BLOCK-----
bash$
如果没有,我们在哪里可以获得 neo4j-2.1.5-1.noarch 的密钥 2dc499c3.rpm签了?
感谢您提请我们注意这一点。 我已经使用说明中引用的密钥重新签名了所有 RPM(旧的密钥过期并破坏了所有 Debian 软件包),并通过 Amazon Linux 机器上的 yum install neo4j 测试了安装。 效果很好。
请注意,我们的 Yum/RPM 支持仍处于实验阶段。 我们可能会很快使用成年密钥对这些 RPM 进行签名,甚至重建整个存储库。 我们也欢迎有关如何改善 RPM 平台体验的反馈 - 谢谢!
朱利安。