IdP v4.1 unattendended plugin install error: INFO - Key import barred by user

Cantor, Scott cantor.2 at osu.edu
Thu Apr 29 12:24:54 UTC 2021


On 4/28/21, 8:08 PM, "users on behalf of Lipscomb, Gary via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:

>    Have tested and if the trust store is populated with the public key prior to install the --noPrompt works and
> the plugin and module are installed.

That's intentional then, that was the intended design. Providing a --noPrompt tha doesn't require that is, well, catastrophically dangerous since you have no idea what you're downloading.

In effect if you want to do that you should run your own "satellite" server to use the RH RPM term. Download your plugins and re-sign them, and prepopulate your own key so you control all the variables. The installer does *not* require that it find its plugins at the published download locations, that's just for easing upgrades.

-- Scott




More information about the users mailing list