I figured that would be the case. JJ just told me that --checksig only gets run separate from --install, which seemed kinda silly to me until he pointed out that this is because rpm is configuredby default to check headers+payload against signature if possible. So by default it is supposedly doing this already, it is just an 'if possible' scenario. So if you don't have a key to verify against it just moves forward, would be my understanding. I did look in `rpm --showrc` for any value that might seem to force this but was unable to locate one (I didn't look at each value, just tried several greps). JJ suggested i dig through /usrlib/rpm/macros and in there I found vsflags. The default value is 0xf0000 which means if set, check header+payload (if possible). If you look in this file you can see the options and if you have a better config you can set it in a macro file over in /etc/rpm. Would have been nice if the variable name was a bit more descriptive for the sake of grep but such is life i guess. -greg On Tue, Apr 17, 2012 at 08:14, George Machitidze <giomac@xxxxxxxxx> wrote: > Thanks > > I need to have this option by default without adding command line option to > rpm. yum is checking for GPG key by default in case gpgcheck is not set to > 0. > Maybe it's possible through rpmrc, but I couldn't find option for that. > > Best regards, > George Machitidze > > > On Tue, Apr 17, 2012 at 5:09 PM, Greg Swift <gregswift@xxxxxxxxx> wrote: >> >> On Tue, Apr 17, 2012 at 07:43, George Machitidze <giomac@xxxxxxxxx> wrote: >> > Hi >> > >> > I want to force rpm during the package update or install to check if RPM >> > package is signed (public key is imported). >> > Is there a safe way to do this? >> >> So you can add -K|--checksig to your installation command if using rpm >> directly (ie: rpm -ivhK package.rpm) >> >> I don't know how one would force that as a system wide configuration >> option. Setting it as an alias doesn't seem to work because of other >> non install related commands not liking their options after the -K. >> >> With yum you can set a repository to gpgcheck=1 which will force it >> unless manually disabled. >> _______________________________________________ >> Rpm-list mailing list >> Rpm-list@xxxxxxxxxxxxx >> http://lists.rpm.org/mailman/listinfo/rpm-list > > > > _______________________________________________ > Rpm-list mailing list > Rpm-list@xxxxxxxxxxxxx > http://lists.rpm.org/mailman/listinfo/rpm-list > _______________________________________________ Rpm-list mailing list Rpm-list@xxxxxxxxxxxxx http://lists.rpm.org/mailman/listinfo/rpm-list
