[CentOS] Signed repomd.xml.asc files for CentOS-6 and CentOS-7 (testing)

Wed May 6 10:49:01 UTC 2015
Johnny Hughes <johnny at centos.org>

On 04/14/2015 08:54 AM, m.roth at 5-cent.us wrote:
> Morning, Johnny,
> 
> Johnny Hughes wrote:
>> For those of you not currently on the centos-devel mailing list, we are
>> looking to test signed repomd.xml files (repomd.xml.asc) for CentOS-6
>> and CentOS-7.  If you are interested in signed metadata repos, please
>> look at this post:
>>
>> http://lists.centos.org/pipermail/centos-devel/2015-April/013210.html
>>
>> Also, if you are willing to test / help with the solution for signed
>> metadata, please join the centos-devel mailing list and correspond there:
>>
>> http://lists.centos.org/mailman/listinfo/centos-devel
>>
> Thank you *very* much for this post. It's much appreciated (and I
> forwarded it to my manager, as we have a local mirror here).

I did not get any help in creating an auto-import feature for the key ..
but this is now implemented as is on CentOS-6 and CentOS-7 'updates'
repo.  Usage is completely optional and the default is not used.

You can now enable this option for the 'updates' repo in CentOS-6 and
CentOS-7:

repo_gpgckeck=1

See 'man yum.conf' for more on either CentOS-6 and CentOS-7 .. here is
the info from CentOS-5:

repo_gpgcheck: Either ‘1’ or ‘0’. This tells yum whether or not it
should perform a GPG signature check on the repodata.  The default is ‘0’.

Thanks,
Johnny Hughes


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20150506/8f9c3d34/attachment-0004.sig>