Hi John,

> I am trying to figure out a way to use gpgcheck=1 in a yum repo given
> the presence of unsigned packages.  At the moment it seems to me that
> the valuable gpgcheck feature is rendered useless as soon as one package
> is unsigned, because yum will refuse to update or install anything if
> one package (to be updated) is unsigned and gpgcheck=1 is set.  In order
> to automate updates on a large number of machines I have to do
> gpgcheck=0.  Does the "tolerant" flag affect this behavior?  The man
> page is silent on this (and many other features).  It only gives an
> example of the kind of behavior "tolerant" causes.
> 
> One idea for a solution would be to have my own local gpgcheck=0
> repository of unsigned packages (since they are very few) and use
> gpgcheck=1 on other repositories.  I am not sure how to do this however.
> I can create a local repository containing only the java sdk package,
> but how do I tell yum to use this repo for java-sdk instead of
> sl-errata, but use sl-errata for everything else?

If you were to create the repo, named something like "[java-sdk-unsigned]",
then it's a simple matter on the command line to use:

# yum --enablerepo=java-sdk-unsigned blah blah

Michael.
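
A sketch of the repo definitions this thread describes, added here as an example and not part of either message. The file name, the baseurl path and the "java-sdk*" package glob are assumptions; gpgcheck, enabled, includepkgs and exclude are per-repository options documented in yum.conf(5).

```ini
# /etc/yum.repos.d/java-sdk-unsigned.repo   (file name is an assumption)
#
# Local repository holding only the unsigned package. Signature checking is
# switched off for this one repository, and includepkgs limits what yum will
# ever see from it, so nothing else can arrive through the unchecked path.
[java-sdk-unsigned]
name=Local unsigned Java SDK
# Placeholder path: a local directory with repository metadata generated for it.
baseurl=file:///PATH/TO/LOCAL/REPO
# Off by default; turned on per invocation with --enablerepo.
enabled=0
gpgcheck=0
# Assumed package name pattern; adjust to the real package name.
includepkgs=java-sdk*

# In the existing sl-errata definition, keep its name/baseurl/gpgkey lines as
# they are and set only the two options below. exclude hides the unsigned
# package from this repo so that gpgcheck=1 no longer blocks the transaction.
[sl-errata]
gpgcheck=1
exclude=java-sdk*

# Routine updates, signature-checked:
#   yum update
# Updating the unsigned package from the local repo only when intended:
#   yum --enablerepo=java-sdk-unsigned update 'java-sdk*'
```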