[CentOS] Re: OT: YUM, RPM and PGP keys
Scott Silva
ssilva at sgvwater.com
Tue May 13 18:28:14 UTC 2008
on 5-13-2008 4:57 AM Tom Diehl spake the following:
> On Mon, 12 May 2008, Cliff Nadler wrote:
>
>>> on 5-12-2008 5:54 AM Jason Pyeron spake the following:
>>>>> -----Original Message-----
>>>>> Behalf Of Ralph Angenendt
>>>>>
>>>>> Jason Pyeron wrote:
>>>>>> I was just about to ask the same, but for packages I just rolled.
>>>>>>
>>>>>> Is there a cmd line swith or env var?
>>>>> Why not sign packages you roll? It really isn't that hard. RPM does
>>>>> have
>>>>
>>>> It's a throw away project on a throwaway vm instance.
>>>>
>>>>> issues with large keys, though - Key on the top1000 list aren't usable
>>>>> :) - I think 64kb is the maximum size.
>>>>>
>>>>> And: Setting gpgcheck to 0 in yum.conf should disable global gpg
>>>>> checking, you can turn it on for each repository in the .repo files
>>>>> under /etc/yum.repos.d/. So the choice of how you shoot yourself in
>>>>> the
>>>>> foot with unsigned packages is up to you >:)
>>>>
>>>> But there are no (temporary) options from the command line?
>>>>
>>> I haven't found any. Something like --nosign or --ignore-nokey would
>>> be great.
>>
>> I generally copy /etc/yum.conf to /etc/yum.localinstall.conf and
>> change the gpgcheck flag to 0, then use "yum -c
>> /etc/yum.localinstall.conf localinstall package" to install any
>> unsigned packages.
>>
>> I've only used it with packages from a know good source (mostly
>> locally built).
>
> Ummm, from the yum man page:
>
> --nogpgcheck
> Run with gpg signature checking disabled.
> Configuration Option: gpgcheck
>
> Does that do what you want?
>
> Regards,
>
That works on CentOS 5, but I don't think it was an option before. Oh well,
time to plan some migrations anyway.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080513/61c0061a/attachment.sig>
More information about the CentOS
mailing list