On Fri, 5 Oct 2012, SCHAER Frederic wrote:

Hi,

I'm trying to install some software which requires a jdk, and the latest one is set to be installed... but installation fails
because I have enabled gpg signature check, and that rpm isn't signed: is this a bug, or a feature?

Error :
# yum install jdk.x86_64
(...)
Package jdk-1.6.0_35-fcs.x86_64.rpm is not signed

If this is a feature, how should security updates be applied using yum?

It is a "feature".

Sun/Oracle build these packages, not SL,
and they are built with rpm version 3, which cannot be (re)signed (there is/was some workaround for the 32-bit rpms,
but no known solution for the x86_64 packages).

I would assume it is a security risk to disable gpg check on erratas, isn't it?

I would agree.
I hand-install these packages with yum --nogpgcheck

--
Dr. Andrew C. Aitchison         Computer Officer, DPMMS, Cambridge
[email protected]   http://www.dpmms.cam.ac.uk/~werdna
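
Added example, not part of the original thread: one way to keep the `--nogpgcheck` bypass limited to a single hand-installed file is to compare the rpm's SHA-256 against a digest obtained separately before yum is invoked. The function names are hypothetical, and the existence of a trusted digest for the file is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the expected digest comes
# from a source you trust, not from the same place the rpm was downloaded.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# digest_matches FILE EXPECTED: return 0 only if FILE hashes to EXPECTED.
# Returns 2 for unusable input (missing file, malformed digest), 1 on mismatch.
digest_matches() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Reject truncated or malformed digests rather than comparing them.
    printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$' \
        || { echo "expected digest is not 64 hex characters" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    [ "$actual" = "$expected" ]
}

# install_unsigned_rpm FILE EXPECTED: skip the GPG check for this one file
# only, and only after the digest comparison has succeeded. gpgcheck stays
# enabled in the yum configuration for everything else.
install_unsigned_rpm() {
    if digest_matches "$1" "$2"; then
        yum --nogpgcheck localinstall "$1"
    else
        echo "refusing to install $1: digest check failed" >&2
        return 1
    fi
}

# Usage (the digest is a placeholder, not a real value):
#   install_unsigned_rpm ./jdk-1.6.0_35-fcs.x86_64.rpm <sha256-from-trusted-source>
```

A matching digest only shows the file is the one the digest was published for; it does not replace the signature check for packages that can be signed.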
