Am 28.04.2016 um 21:29 schrieb Albin Otterhäll <gmane@xxxxxxxxxxxxx>:
> On 2016-04-28 21:08, Andreas Benzler wrote:
>> repository gpg can be found in
>> /etc/pki/rpm-gpg/
>>
>> read the repo file(s) in
>>
>> /etc/yum.repos.d/
>>
>> cat /etc/yum.repos.d/CentOS-Base.repo
>> # CentOS-Base.repo
>> #
>> # The mirror system uses the connecting IP address of the client and the
>> # update status of each mirror to pick mirrors that are updated to and
>> # geographically close to the client. You should use this for CentOS
>> updates
>> # unless you are manually picking other mirrors.
>> #
>> # If the mirrorlist= does not work for you, as a fall back you can try
>> the
>> # remarked out baseurl= line instead.
>> #
>> #
>>
>> [base]
>> name=CentOS-$releasever - Base
>> mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=
>> $basearch&repo=os&infra=$infra
>> #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
>> gpgcheck=1
>> gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
>
> Apparently I wasn't clear enough. I'm using Arch Linux (i.e. I haven't
> access to the gpg key that comes with an installation) and would like to
> verify the ISO I've downloaded. To-do that I need the key used to sign
> the "sha256sum.txt.asc" file.
>
> I need to import the CentOS Release 7 (and maybe additional keys) from a
> keyserver or download the keyfile to be able do that.
if the mirror is compromised, you should use a different source:
https://pgp.mit.edu/pks/lookup?search=centos.org
--
LF
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
