[CentOS] Re: OT: YUM, RPM and PGP keys

Tue May 13 11:57:13 UTC 2008
Tom Diehl <tdiehl at rogueind.com>

On Mon, 12 May 2008, Cliff Nadler wrote:

>> on 5-12-2008 5:54 AM Jason Pyeron spake the following:
>>>> -----Original Message-----
>>>> Behalf Of Ralph Angenendt
>>>> Jason Pyeron wrote:
>>>>> I was just about to ask the same, but for packages I just rolled.
>>>>> Is there a cmd line switch or env var?
>>>> Why not sign packages you roll? It really isn't that hard. RPM does have
>>> It's a throw away project on a throwaway vm instance.
>>>> issues with large keys, though - Keys on the top1000 list aren't usable
>>>> :) - I think 64kb is the maximum size.
>>>> And: Setting gpgcheck to 0 in yum.conf should disable global gpg
>>>> checking, you can turn it on for each repository in the .repo files
>>>> under /etc/yum.repos.d/. So the choice of how you shoot yourself in the
>>>> foot with unsigned packages is up to you >:)
>>> But there are no (temporary) options from the command line?
>> I haven't found any. Something like --nosign or --ignore-nokey would be great.
> I generally copy /etc/yum.conf to /etc/yum.localinstall.conf and change the gpgcheck flag to 0, then use "yum -c /etc/yum.localinstall.conf localinstall package" to install any unsigned packages.
> I've only used it with packages from a known good source (mostly locally built).

Ummm, from the yum man page:

               Run with gpg signature checking disabled.
               Configuration Option: gpgcheck

Does that do what you want?
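
Added example, not part of the original thread: a small audit of the setup discussed above, where gpgcheck is set globally in yum.conf and overridden per repository in the .repo files. It reports which repositories end up with signature checking off. The sample configuration is constructed, the function names are hypothetical, and a repository with no gpgcheck setting in its own section or in [main] is assumed to be unchecked.

```python
import configparser

TRUE_VALUES = {"1", "yes", "true"}  # boolean spellings treated as "enabled"

def _parse(text):
    # interpolation=None keeps "%" in URLs literal; strict=False tolerates duplicates
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def effective_gpgcheck(main_conf, repo_files):
    """Map each repo id to True/False: is signature checking in effect?"""
    global_val = _parse(main_conf).get("main", "gpgcheck", fallback=None)
    result = {}
    for text in [main_conf, *repo_files]:
        cp = _parse(text)
        for repo_id in cp.sections():
            if repo_id == "main":
                continue
            # A per-repo gpgcheck wins; otherwise the [main] value applies.
            val = cp.get(repo_id, "gpgcheck", fallback=global_val)
            # Assumption: no setting anywhere is reported as unchecked.
            result[repo_id] = val is not None and val.strip().lower() in TRUE_VALUES
    return result

def unchecked_repos(main_conf, repo_files):
    """Sorted list of repo ids for which gpgcheck is not in effect."""
    status = effective_gpgcheck(main_conf, repo_files)
    return sorted(repo for repo, ok in status.items() if not ok)

# Constructed sample input (not taken from a real system)
SAMPLE_MAIN = """\
[main]
cachedir=/var/cache/yum
gpgcheck=0
"""
SAMPLE_REPOS = ["""\
[base]
name=Constructed base repo
baseurl=http://mirror.example.invalid/centos/$releasever/os/$basearch/
gpgcheck=1

[local-builds]
name=Constructed local repo
baseurl=file:///srv/repo/
"""]

if __name__ == "__main__":
    for repo in unchecked_repos(SAMPLE_MAIN, SAMPLE_REPOS):
        print("gpgcheck not in effect for repo:", repo)
```

To audit a real host, pass the text of /etc/yum.conf and of each file under /etc/yum.repos.d/ in place of the samples.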


