[CentOS-devel] Signed repomd.xml.asc files for CentOS-6 and CentOS-7 (testing)

Tue Apr 14 11:54:35 UTC 2015
Johnny Hughes <johnny at centos.org>

We are looking at the possibility of providing signed repomd.xml.asc
files for all CentOS controlled repos for CentOS-6 and CentOS-7.

I have created an update repository for CentOS-6 and CentOS-7 for
testing.  They are not going to be maintained current (and are already a
couple of updates behind) and should *NOT* be used in production ... but
if we can get some people to test these on some testing platforms that
would be great:

http://dev.centos.org/centos/6/updates/x86_64/

http://dev.centos.org/centos/7/updates/x86_64/

Basically, to use signed metadata for these testing repos, you would
need to modify the /etc/yum.repos.d/CentOS-Base.repo and do the
following to the 'updates' section:

1.  Remark out the current mirrorlist and/or baseurl statements.

2.  Add the following:

For CentOS-6:
repo_gpgcheck=1
baseurl=http://dev.centos.org/centos/6/updates/x86_64/

For CentOS-7:
repo_gpgcheck=1
baseurl=http://dev.centos.org/centos/7/updates/x86_64/

================================
*DO NOT USE THESE REPOS FOR UPDATES LONG TERM, THEY ARE FOR TESTING ONLY*
================================

One thing we would like to figure out (and then test) is the ability to
somehow get this key to be added automatically via a kickstart so that
one can use signed metadata for unattended installs.

Without testing and feedback,  and possibly key auto import capability,
this proposal will likely go nowhere .. so if this is a feature that you
want, please test and provide feedback and help us find a solution for
auto import of the yum key.

Thanks,
Johnny Hughes
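
A way to confirm that the edit described in the message took effect, as an added example that is not part of the original post or of CentOS tooling: it parses a .repo file and reports, for each enabled repo, whether metadata and package signature checks are on. The sample file contents, the mirror.example URLs and the KEY-PLACEHOLDER path are constructed, and treating a missing option as off unless supplied through `main_defaults` is an assumption.

```python
import configparser

# Constructed sample: [updates] edited as in the message, [base] left unedited.
SAMPLE_REPO = """\
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirror.example/?repo=os
gpgcheck=1
gpgkey=file:///path/to/KEY-PLACEHOLDER

[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirror.example/?repo=updates
repo_gpgcheck=1
baseurl=http://dev.centos.org/centos/7/updates/x86_64/
gpgcheck=1
gpgkey=file:///path/to/KEY-PLACEHOLDER

[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirror.example/?repo=extras
enabled=0
"""

def _on(value, default="0"):
    """Interpret a yum-style boolean; a missing option falls back to default."""
    return (value if value is not None else default).strip().lower() in ("1", "yes", "true")

def audit_repos(repo_text, main_defaults=None):
    """Return {repo_id: [problems]} for every enabled repo section.

    main_defaults holds values the caller read from [main] in yum.conf;
    anything absent there is treated as off (assumption).
    """
    main = main_defaults or {}
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(repo_text)
    report = {}
    for repo_id in parser.sections():
        sec = parser[repo_id]
        if not _on(sec.get("enabled"), "1"):
            continue  # disabled repos are never fetched
        problems = []
        if not _on(sec.get("repo_gpgcheck"), main.get("repo_gpgcheck", "0")):
            problems.append("repo_gpgcheck off: repomd.xml.asc is not verified")
        if not _on(sec.get("gpgcheck"), main.get("gpgcheck", "0")):
            problems.append("gpgcheck off: package signatures are not verified")
        if not sec.get("gpgkey"):
            problems.append("no gpgkey listed for this repo")
        report[repo_id] = problems
    return report
```

Commented-out lines such as `#mirrorlist=` are ignored by the parser, so a repo only passes when the live options enable the check.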
