How to properly configure repo_gpgcheck base repository?

I am trying to GPG-sign the metadata of some Red Hat 7 repos I've synced to my server to be used as client repositories, but there is some stuff I'm not sure I understand.
I've successfully created and signed my repositories, and doing so generated the repomd.xml.key and repomd.xml.asc files inside the repodata folder.
I've set the configuration key in the client repo file with repo_gpgcheck=1, and I also tried to set gpgkey=linktorepo/repodata/repomd.xml.key and even rpm --import repomd.xml.key.

I did get prompted once to import the GPG key, so until now all is well.
And here is where I'm not sure of some stuff.

  1. When I run "yum makecache" I see 3 exclamation marks (!!!) at the end of the lines. Why is that?
  2. I tried to simulate the whole process again but I could not remove the key that got imported. I removed any rpm pubkey or any gpg -k keys I could find that relate to my key, but I never got prompted again to import my key, even if I clean the yum cache or rm -rf /var/cache/yum/*. How can I remove the key and start over?
    • It seems that once the key is imported even once and removed from rpm or wherever, setting repo_gpgcheck=1 will never request it again.
    • Where do I need to remove the cached key from? I cannot find it anywhere in the system.
  3. Am I missing something in the process?
  • I want to use only metadata-based GPG signing and not package-based GPG signing.

[root@client1 yum.repos.d]# yum makecache
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
rhel-7-server-rpms/signature | 490 B 00:00:00
rhel-7-server-rpms/signature | 3.1 kB 00:00:00 !!!
Metadata Cache Created

[root@client1 yum.repos.d]# cat redhat7.repo file
[rhel-7-server-rpms]
name=rhel-7-server-rpms
enabled=1
autorefresh=1
baseurl=http://server1:1080/repos/updates/redhat7/rhel-7-server-rpms/
path=/
type=rpmmd
keeppackages=0
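
An added example, not part of the original post: a small Python audit of a yum .repo file that reports whether repomd.xml signature checking is actually configured for each enabled repo. The first sample is the repo file as posted above; the second sample, its key path, the function name and the finding names are constructed for illustration.

```python
import configparser

# Boolean spellings treated as "on" (assumption: the forms yum accepts).
TRUTHY = {"1", "true", "yes"}

# Repo file exactly as posted in the question.
POSTED = """\
[rhel-7-server-rpms]
name=rhel-7-server-rpms
enabled=1
autorefresh=1
baseurl=http://server1:1080/repos/updates/redhat7/rhel-7-server-rpms/
path=/
type=rpmmd
keeppackages=0
"""

# Constructed variant: metadata checking on, package checking off,
# public key read from a local file (hypothetical file name).
SIGNED = POSTED + ("repo_gpgcheck=1\ngpgcheck=0\n"
                   "gpgkey=file:///etc/pki/rpm-gpg/repomd.xml.key\n")


def audit_repo_file(text, main_repo_gpgcheck=False):
    """Return {repo_id: [finding, ...]} for every enabled repo in `text`.

    main_repo_gpgcheck is the value inherited from [main] in yum.conf
    when a repo section does not set repo_gpgcheck itself.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    report = {}
    for repo_id in cp.sections():
        sec = cp[repo_id]
        if sec.get("enabled", "1").strip().lower() not in TRUTHY:
            continue  # disabled repos are never fetched
        raw = sec.get("repo_gpgcheck")
        checked = main_repo_gpgcheck if raw is None else raw.strip().lower() in TRUTHY
        keys = sec.get("gpgkey", "").replace(",", " ").split()
        findings = []
        if not checked:
            findings.append("repo_gpgcheck_off")   # repomd.xml.asc is never verified
        elif not keys:
            findings.append("no_gpgkey")           # nothing configured to verify against
        if any(k.lower().startswith("http://") for k in keys):
            findings.append("gpgkey_over_http")    # key arrives over the same unauthenticated channel
        report[repo_id] = findings
    return report


if __name__ == "__main__":
    for label, sample in (("posted", POSTED), ("signed", SIGNED)):
        print(label, audit_repo_file(sample))
```
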

Responses