[scl.org] GPG Keys for Signed Packages

Michael Ward Michael.Ward at melbourneit.com.au
Fri Nov 13 01:08:12 UTC 2015


We push updates to our CentOS 6/7 servers via Spacewalk. At the moment we have a custom channel created for SCL content and are sync'ing down just a couple of repositories that we are interested in (httpd24 and php55). However when trying to push updates via Spacewalk we run into issues that the servers with these packages don't have the necessary GPG keys installed. 

I am aware that we could manually override on each server so that the scl channel doesn't require GPG keys, but since the packages are signed I'd prefer to use this signature. 

I've hunted around the SCL website but haven't managed to find any GPG public keys for importing.. 

Are the public keys for the packages available somewhere and I'm just missing them ?

Ideally I'd like to know where to find all the keys in case we add extra software collections to our channel later, but for now at a minimum are these keys available:

Httpd24 - Signature   : RSA/SHA1, Tue Feb 17 01:51:07 2015, Key ID eaddec352d035be8
Php55 - Signature   : RSA/SHA1, Tue Jun  9 03:04:29 2015, Key ID fd0cba1158446831

Michael Ward.

More information about the SCLorg mailing list