[rzeznikj at stout]

Before you guys flame me, let me just say I use this method on my Suse partition almost purely out of laziness...

But perhaps our friend here can see yet another way on how you don't have to go through all this trouble.

I don't have Quake, and I'm not putting it on my system. Though I used more or less the same process for MPlayer.

• Start YaST. You'll be prompted for root (KDE su).
• Select "Change Source of Installation.
• You'll need to add the ftp addresses as installation directories. Scroll to the bottom. Select "Add"
• Put the ftp address (e.g. mirror.mcs.anl.gov) server in the first box, the actual directory where the files are (/pub/suse/...) in the second. Click OK.
• Give it a few seconds to add it as an installation source.
• Once it shows up on the list, Click Finish. You'll be sent to the original YaST window
• Open Software management,
• Select search from the dropdown,
• Type in quake II in the text bar.
• When Quake II shows up on the top right, click on the box to select it.
• Click Accept. YaST will list any and all dependencies--if they're available, they'll automatically be added to the install queue.
• When the install finishes, it will autoconfigure the system--when it finishes, it'll ask you if you want to install more packages. Click finish.
• Click the X in the top right corner (or hit ^Q) to quit YaST
• Select Quake from the menu and open it.
• Thank you and have a Good Day.

Assuming you put other sites (e.g. Packman, Guru, official SuSE mirrors, etc.) on YaST, YaST will automatically find the dependencies and install them.

[Golden Eagle]

WOW, you better be CAREFUL! There's a known vulnerability just out about using YaST, you could be trojaned if you're not real careful about where you're getting your updates.

http://www.linuxsecurity.com/content/view/121777/112/

Problem Description and Brief Discussion

This is a reissue of SUSE-SA:2006:009, after we found out that also
gpg version < 1.4.x are affected by the signature checking problem
of CVE-2006-0455.

With certain handcraft-able signatures GPG was returning a 0 (valid
signature) when used on command-line with option --verify.

This could make automated checkers, like for instance the patch file
verification checker of the YaST Online Update, pass malicious patch
files as correct and allow remote code execution.

Also, the YaST Online Update script signature verification had used a
feature which was not meant to be used for signature verification,
making it possible to supply any kind of script which would be
considered correct. This would also allow code execution.