On 04/14/2015 08:54 AM, m.roth@5-cent.us wrote:

Morning, Johnny,

Johnny Hughes wrote:

...

For those of you not currently on the centos-devel mailing list, we are looking to test signed repomd.xml files (repomd.xml.asc) for CentOS-6 and CentOS-7. If you are interested in signed metadata repos, please look at this post:

http://lists.centos.org/pipermail/centos-devel/2015-April/013210.html

Also, if you are willing to test / help with the solution for signed metadata, please join the centos-devel mailing list and correspond there:

http://lists.centos.org/mailman/listinfo/centos-devel

Thank you *very* much for this post. It's much appreciated (and I forwarded it to my manager, as we have a local mirror here).

I did not get any help in creating an auto-import feature for the key .. but this is now implemented as is on CentOS-6 and CentOS-7 'updates' repo. Usage is completely optional and the default is not used.

You can now enable this option for the 'updates' repo in CentOS-6 and CentOS-7:

repo_gpgckeck=1

See 'man yum.conf' for more on either CentOS-6 and CentOS-7 .. here is the info from CentOS-5:

repo_gpgcheck: Either ‘1’ or ‘0’. This tells yum whether or not it should perform a GPG signature check on the repodata. The default is ‘0’.

Thanks, Johnny Hughes