On 12/01/17 16:16, Johnny Hughes wrote:
On 01/06/2017 03:49 AM, Laurentiu Pancescu wrote:
Would it be ok in this form? The only disadvantage I see is being asked to trust the official CentOS key several times during the first "yum update" (instead of just once).
Right, the only real issue is more trust requests for the same key.
Then, which is the earliest time we could enable this? 7.4?
I tried to avoid the "importing key" prompt by importing the key in advance, according to the documentation I found:
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 # rpm -qa gpg-pubkey* gpg-pubkey-f4a80eb5-53a7ff4b # rpm -qi gpg-pubkey-f4a80eb5-53a7ff4b Name : gpg-pubkey Version : f4a80eb5 Release : 53a7ff4b Architecture: (none) Install Date: Thu 12 Jan 2017 04:16:24 PM UTC Group : Public Keys Size : 0 License : pubkey Signature : (none) Source RPM : (none) Build Date : Mon 23 Jun 2014 10:19:55 AM UTC Build Host : localhost Relocations : (not relocatable) Packager : CentOS-7 Key (CentOS 7 Official Signing Key) security@centos.org Summary : gpg(CentOS-7 Key (CentOS 7 Official Signing Key) security@centos.org) Description : [skipped due to verbosity]
But I'm still asked during the first "yum update", several times for the same key - the fingerprint displayed during each prompt matches the key I had already imported. Could anyone shed some light on what's going on? Perhaps because we have a gpgkey setting in the .repo file?
Thanks, Laurențiu