RE: [CentOS] Re: OT: YUM, RPM and PGP keys

[Jason Pyeron]

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
 Behalf Of Scott Silva
 Sent: Tuesday, May 13, 2008 2:28 PM
 To: centos@centos.org
 Subject: [CentOS] Re: OT: YUM, RPM and PGP keys
 
 on 5-13-2008 4:57 AM Tom Diehl spake the following:
  On Mon, 12 May 2008, Cliff Nadler wrote:
 
  on 5-12-2008 5:54 AM Jason Pyeron spake the following:
  -Original Message-
  Behalf Of Ralph Angenendt
 
  Jason Pyeron wrote:
  I was just about to ask the same, but for packages I just rolled.
 
  Is there a cmd line swith or env var?
  Why not sign packages you roll? It really isn't that hard. RPM does
  have
 
  It's a throw away project on a throwaway vm instance.
 
  issues with large keys, though - Key on the top1000 list aren't
 usable
  :) - I think 64kb is the maximum size.
 
  And: Setting gpgcheck to 0 in yum.conf should disable global gpg
  checking, you can turn it on for each repository in the .repo files
  under /etc/yum.repos.d/. So the choice of how you shoot yourself in
  the
  foot with unsigned packages is up to you :)
 
  But there are no (temporary) options from the command line?
 
  I haven't found any. Something like --nosign or --ignore-nokey would
  be great.
 
  I generally copy /etc/yum.conf to /etc/yum.localinstall.conf and
  change the gpgcheck flag to 0, then use yum -c
  /etc/yum.localinstall.conf localinstall package to install any
  unsigned packages.
 
  I've only used it with packages from a know good source (mostly
  locally built).
 
  Ummm, from the yum man page:
 
  --nogpgcheck
Run with gpg signature checking disabled.
Configuration Option: gpgcheck
 
  Does that do what you want?
 
  Regards,
 
 That works on CentOS 5, but I don't think it was an option before. Oh
well,
 time to plan some migrations anyway.

But it is for the rolling of v5 rpms for v4 that we needed it, **sigh**.

 
 --
 MailScanner is like deodorant...
 You hope everybody uses it, and
 you notice quickly if they don't




-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Re: OT: YUM, RPM and PGP keys

[Cliff Nadler]

on 5-12-2008 5:54 AM Jason Pyeron spake the following:
 -Original Message-
 Behalf Of Ralph Angenendt

 Jason Pyeron wrote:
 I was just about to ask the same, but for packages I just rolled.

 Is there a cmd line swith or env var?
 Why not sign packages you roll? It really isn't that hard. RPM does have

 It's a throw away project on a throwaway vm instance.

 issues with large keys, though - Key on the top1000 list aren't usable
 :) - I think 64kb is the maximum size.

 And: Setting gpgcheck to 0 in yum.conf should disable global gpg
 checking, you can turn it on for each repository in the .repo files
 under /etc/yum.repos.d/. So the choice of how you shoot yourself in the
 foot with unsigned packages is up to you :)

 But there are no (temporary) options from the command line?

I haven't found any. Something like --nosign or --ignore-nokey would be great.

I generally copy /etc/yum.conf to /etc/yum.localinstall.conf and change the 
gpgcheck flag to 0, then use yum -c /etc/yum.localinstall.conf localinstall 
package to install any unsigned packages.

I've only used it with packages from a know good source (mostly locally built).

Cliff


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos