Force RPM to check GPG key
Greg Swift
gregswift at gmail.com
Tue Apr 17 13:09:22 UTC 2012
On Tue, Apr 17, 2012 at 07:43, George Machitidze <giomac at gmail.com> wrote:
> Hi
>
> I want to force rpm during the package update or install to check if RPM
> package is signed (public key is imported).
> Is there a safe way to do this?
So you can add -K|--checksig to your installation command if using rpm
directly (ie: rpm -ivhK package.rpm)
I don't know how one would force that as a system wide configuration
option. Setting it as an alias doesn't seem to work because of other
non install related commands not liking their options after the -K.
With yum you can set a repository to gpgcheck=1 which will force it
unless manually disabled.
More information about the Rpm-list
mailing list