[CentOS] Re: OT: YUM, RPM and PGP keys

Tue May 13 18:34:53 UTC 2008

> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Scott Silva
> Sent: Tuesday, May 13, 2008 2:28 PM
> To: centos at centos.org
> Subject: [CentOS] Re: OT: YUM, RPM and PGP keys
> 
> on 5-13-2008 4:57 AM Tom Diehl spake the following:
> > On Mon, 12 May 2008, Cliff Nadler wrote:
> >
> >>> on 5-12-2008 5:54 AM Jason Pyeron spake the following:
> >>>>> -----Original Message-----
> >>>>> Behalf Of Ralph Angenendt
> >>>>>
> >>>>> Jason Pyeron wrote:
> >>>>>> I was just about to ask the same, but for packages I just rolled.
> >>>>>>
> >>>>>> Is there a cmd line swith or env var?
> >>>>> Why not sign packages you roll? It really isn't that hard. RPM does
> >>>>> have
> >>>>
> >>>> It's a throw away project on a throwaway vm instance.
> >>>>
> >>>>> issues with large keys, though - Key on the top1000 list aren't
> usable
> >>>>> :) - I think 64kb is the maximum size.
> >>>>>
> >>>>> And: Setting gpgcheck to 0 in yum.conf should disable global gpg
> >>>>> checking, you can turn it on for each repository in the .repo files
> >>>>> under /etc/yum.repos.d/. So the choice of how you shoot yourself in
> >>>>> the
> >>>>> foot with unsigned packages is up to you >:)
> >>>>
> >>>> But there are no (temporary) options from the command line?
> >>>>
> >>> I haven't found any. Something like --nosign or --ignore-nokey would
> >>> be great.
> >>
> >> I generally copy /etc/yum.conf to /etc/yum.localinstall.conf and
> >> change the gpgcheck flag to 0, then use "yum -c
> >> /etc/yum.localinstall.conf localinstall package" to install any
> >> unsigned packages.
> >>
> >> I've only used it with packages from a know good source (mostly
> >> locally built).
> >
> > Ummm, from the yum man page:
> >
> > --nogpgcheck
> >               Run with gpg signature checking disabled.
> >               Configuration Option: gpgcheck
> >
> > Does that do what you want?
> >
> > Regards,
> >
> That works on CentOS 5, but I don't think it was an option before. Oh
well,
> time to plan some migrations anyway.

But it is for the rolling of v5 rpms for v4 that we needed it, **sigh**.

> 
> --
> MailScanner is like deodorant...
> You hope everybody uses it, and
> you notice quickly if they don't!!!!

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 