On Mon, 12 May 2008, Cliff Nadler wrote:
on 5-12-2008 5:54 AM Jason Pyeron spake the following:
-----Original Message-----
Behalf Of Ralph Angenendt
Jason Pyeron wrote:
I was just about to ask the same, but for packages I just rolled.
Is there a cmd line swith or env var?
Why not sign packages you roll? It really isn't that hard. RPM does have
It's a throw away project on a throwaway vm instance.
issues with large keys, though - Key on the top1000 list aren't usable
:) - I think 64kb is the maximum size.
And: Setting gpgcheck to 0 in yum.conf should disable global gpg
checking, you can turn it on for each repository in the .repo files
under /etc/yum.repos.d/. So the choice of how you shoot yourself in the
foot with unsigned packages is up to you >:)
But there are no (temporary) options from the command line?
I haven't found any. Something like --nosign or --ignore-nokey would be great.
I generally copy /etc/yum.conf to /etc/yum.localinstall.conf and change the gpgcheck flag to 0, then use "yum -c /etc/yum.localinstall.conf localinstall package" to install any unsigned packages.
I've only used it with packages from a know good source (mostly locally built).
Ummm, from the yum man page:
--nogpgcheck
Run with gpg signature checking disabled.
Configuration Option: gpgcheck
Does that do what you want?
Regards,
--
Tom Diehl tdiehl@xxxxxxxxxxxx Spamtrap address mtd123@xxxxxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
