SCIENTIFIC-LINUX-USERS Archives

December 2005

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Yum and gpgcheck
From:
John Franks <[log in to unmask]>
Reply To:
John Franks <[log in to unmask]>
Date:
Sat, 24 Dec 2005 08:30:23 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (17 lines) 
I am trying to figure out a way to use gpgcheck=1 in a yum repo given
the presence of unsigned packages.  At the moment it seems to me that
the valuable gpgcheck feature is rendered useless as soon as one package
is unsigned, because yum will refuse to update or install anything if
one package (to be updated) is unsigned and gpgcheck=1 is set.  In order
to automate updates on a large number of machines I have to do
gpgcheck=0.  Does the "tolerant" flag affect this behavior?  The man
page is silent on this (and many other features).  It only gives an
example of the kind of behavior "tolerant" causes.

One idea for a solution would be to have my own local gpgcheck=0
repository of unsigned packages (since they are very few) and use
gpgcheck=1 on other repositories.  I am not sure how to do this however.
I can create a local repository containing only the java sdk package,
but how do I tell yum to use this repo for java-sdk instead of sl-
errata, but use sl-errata for everything else?

ATOM RSS1 RSS2