diff --git a/osc/build.py b/osc/build.py index 11e72b71..b8736e9b 100644 --- a/osc/build.py +++ b/osc/build.py @@ -322,8 +322,11 @@ def main(opts, argv): anyway, I assume... verifying package now saves time though, since we don't even try to set up the buildroot if it wouldn't work.""" - print 'Verifying integrity of cached packages' - verify_pacs([ i.fullfilename for i in bi.deps ]) + if opts.no_verify: + print 'Skipping verification of package signatures' + else: + print 'Verifying integrity of cached packages' + verify_pacs([ i.fullfilename for i in bi.deps ]) print 'Writing build configuration' diff --git a/osc/commandline.py b/osc/commandline.py index 0ce8715b..e38959e7 100755 --- a/osc/commandline.py +++ b/osc/commandline.py @@ -1318,6 +1318,8 @@ class Osc(cmdln.Cmdln): help='don\'t update the package changelog from a changes file') @cmdln.option('--noinit', '--no-init', action='store_true', help='Skip initialization of build root and start with build immediately.') + @cmdln.option('--no-verify', action='store_true', + help='Skip signature verification of packages used for build.') @cmdln.option('-p', '--prefer-pkgs', metavar='DIR', action='append', help='Prefer packages from this directory when installing the build-root') @cmdln.option('-k', '--keep-pkgs', metavar='DIR', diff --git a/osc/fetch.py b/osc/fetch.py index 35a321a4..52f208e9 100644 --- a/osc/fetch.py +++ b/osc/fetch.py @@ -179,6 +179,8 @@ def verify_pacs(pac_list): rpm --import %(dir)s/keyfile-%(name)s Then, just start the build again. + +- If the key is unavailable, you may use --no-verify (which may pose a risk). """ % {'name': missing_key, 'dir': os.path.expanduser('~')}