We are looking at the possibility of providing signed repomd.xml.asc files for all CentOS controlled repos for CentOS-6 and CentOS-7. I have created an update repository for CentOS-6 and CentOS-7 for testing. They are not going to be maintained current (and are already a couple of updates behind) and should *NOT* be used in production ... but if we can get some people to test these on some testing platforms that would be great: http://dev.centos.org/centos/6/updates/x86_64/ http://dev.centos.org/centos/7/updates/x86_64/ Basically, to use signed metadata for these testing repos, you would need to modify the /etc/yum.repos.d/CentOS-Base.repo and do the following to the 'updates' section: 1. Remark out the current mirrorlist and/or baseurl statements. 2 Add the following: For CentOS-6: repo_gpgcheck=1 baseurl=http://dev.centos.org/centos/6/updates/x86_64/ For CentOS-7: repo_gpgcheck=1 baseurl=http://dev.centos.org/centos/7/updates/x86_64/ ================================ *DO NOT USE THESE REPOS FOR UPDATES LONG TERM, THEY ARE FOR TESTING ONLY* ================================ One thing we would like to figure out (and then tes)t is the ability to somehow get this key to be added automatically via a kick start so that one can use signed metadata for unattended installs. Without testing and feedback, and possibly key auto import capability, this proposal will likely go nowhere .. so if this is a feature that you want, please test and provide feedback and help us find a solution for auto import of the yum key. Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20150414/0e832426/attachment-0007.sig>