[Spacewalk-list] Package rpm is not signed
John Hodrien
J.H.Hodrien at leeds.ac.uk
Fri Jun 12 13:55:08 UTC 2009
On Fri, 12 Jun 2009, Jason Frisvold wrote:
> On 06/12/2009 07:21 AM, John Hodrien wrote:
>> Personally, I'd describe the solution as blissfully simple; sign the rpms.
>
> In a similar vein, I have a channel where I put local RPMS which include
> ones I've rolled myself as well as RPMs from other places, such as
> MySQL. Is there a way to import the relevant GPG keys into spacewalk so
> I don't have to manually touch each machine to import them?
Again, other people might disagree with me, but here's what I do.
Machines are all set with the basic CentOS and Spacewalk keys. In addition to
those they all have my own key. Anything that I want to install outside of
those basic repos gets resigned by me before spacewalk sees it. It doesn't
matter if it's an rpm I've made, or an RPM I've got from elsewhere.
I'd just schedule a remote command on all the machines to import an extra key
from a heredoc if you wanted to update the list of known keys.
jh
--
"We simultaneously disdain and covet American culture, comdemning it as junk
food, even as we reach for another helping - a kind of binge-and-puke social
bulimia." -- Jonathan Freedland
More information about the Spacewalk-list
mailing list