[CentOS] Re: OT: YUM, RPM and PGP keys

Scott Silva ssilva at sgvwater.com
Tue May 13 18:28:14 UTC 2008


on 5-13-2008 4:57 AM Tom Diehl spake the following:
> On Mon, 12 May 2008, Cliff Nadler wrote:
> 
>>> on 5-12-2008 5:54 AM Jason Pyeron spake the following:
>>>>> -----Original Message-----
>>>>> Behalf Of Ralph Angenendt
>>>>>
>>>>> Jason Pyeron wrote:
>>>>>> I was just about to ask the same, but for packages I just rolled.
>>>>>>
>>>>>> Is there a cmd line swith or env var?
>>>>> Why not sign packages you roll? It really isn't that hard. RPM does 
>>>>> have
>>>>
>>>> It's a throw away project on a throwaway vm instance.
>>>>
>>>>> issues with large keys, though - Key on the top1000 list aren't usable
>>>>> :) - I think 64kb is the maximum size.
>>>>>
>>>>> And: Setting gpgcheck to 0 in yum.conf should disable global gpg
>>>>> checking, you can turn it on for each repository in the .repo files
>>>>> under /etc/yum.repos.d/. So the choice of how you shoot yourself in 
>>>>> the
>>>>> foot with unsigned packages is up to you >:)
>>>>
>>>> But there are no (temporary) options from the command line?
>>>>
>>> I haven't found any. Something like --nosign or --ignore-nokey would 
>>> be great.
>>
>> I generally copy /etc/yum.conf to /etc/yum.localinstall.conf and 
>> change the gpgcheck flag to 0, then use "yum -c 
>> /etc/yum.localinstall.conf localinstall package" to install any 
>> unsigned packages.
>>
>> I've only used it with packages from a know good source (mostly 
>> locally built).
> 
> Ummm, from the yum man page:
> 
> --nogpgcheck
>               Run with gpg signature checking disabled.
>               Configuration Option: gpgcheck
> 
> Does that do what you want?
> 
> Regards,
> 
That works on CentOS 5, but I don't think it was an option before. Oh well, 
time to plan some migrations anyway.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080513/61c0061a/attachment.sig>


More information about the CentOS mailing list