[CentOS] Re: OT: YUM, RPM and PGP keys

Mon May 12 23:58:02 UTC 2008
Cliff Nadler <cnadler at colltech.com>

>on 5-12-2008 5:54 AM Jason Pyeron spake the following:
>>> -----Original Message-----
>>> Behalf Of Ralph Angenendt
>>>
>>> Jason Pyeron wrote:
>>>> I was just about to ask the same, but for packages I just rolled.
>>>>
>>>> Is there a cmd line swith or env var?
>>> Why not sign packages you roll? It really isn't that hard. RPM does have
>>
>> It's a throw away project on a throwaway vm instance.
>>
>>> issues with large keys, though - Key on the top1000 list aren't usable
>>> :) - I think 64kb is the maximum size.
>>>
>>> And: Setting gpgcheck to 0 in yum.conf should disable global gpg
>>> checking, you can turn it on for each repository in the .repo files
>>> under /etc/yum.repos.d/. So the choice of how you shoot yourself in the
>>> foot with unsigned packages is up to you >:)
>>
>> But there are no (temporary) options from the command line?
>>
>I haven't found any. Something like --nosign or --ignore-nokey would be great.

I generally copy /etc/yum.conf to /etc/yum.localinstall.conf and change the gpgcheck flag to 0, then use "yum -c /etc/yum.localinstall.conf localinstall package" to install any unsigned packages.

I've only used it with packages from a know good source (mostly locally built).

Cliff