2

I followed the below steps to grab the EPEL GPG key and I'm trying to verify if it's working. This is on a freshly installed RHEL7 system.

Repo: https://dl.fedoraproject.org/pub/epel/7/x86_64/

# cd /etc/pki/rpm-gpg/
# wget https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
# cd /etc/yum.repos.d

Edit: /etc/yum.repos.d/dl.fedoraproject.org_pub_epel_7_x86_64_.repo

gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

I do a test install with the python-pip package and it shows that it's installing with my EPEL repo:

Installing:
python-pip       noarch       7.1.0-1.el7      dl.fedoraproject.org_pub_epel_7_x86_64_         1.5 M

Transaction Summary

Install  1 Package

Total download size: 1.5 M
Installed size: 6.6 M
Is this ok [y/d/N]: y
Downloading packages:
python-pip-7.1.0-1.el7.noarch.rpm                    1.5 MB  00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python-pip-7.1.0-1.el7.noarch                        1/1
Verifying  : python-pip-7.1.0-1.el7.noarch                        1/1

Installed:
python-pip.noarch 0:7.1.0-1.el7

Complete!

This is all I get. I was led to believe that it prompts to confirm the keys,e.g., Retreiving key from file:///..etc..., Importing GPG key 0x35..... It never mentions anything about a GPG key/signature so I'm not sure if it's working. Any help on this would be great.

Thanks

hashwagon
  • 67
  • 1
  • 8

2 Answers2

3

You should check if yum is configured to check gpg signatures. You're looking for something like this in /etc/yum.repos.d/epel.repo:

[epel]
 [...]
gpgcheck=1

If that's there, then as Alex notes, you wouldn't be able to use the repo if the signatures weren't matching the keys. That is also Red Hat's formal advice on the subject (see bottom of linked page).

MadHatter
  • 79,770
  • 20
  • 184
  • 232
  • Thanks, MaddHatter. The gpgcheck is set to 1 in the .repo file. I'll keep poking away at this. – hashwagon Apr 29 '16 at 08:35
  • If you're satisfied, you should accept one of the answers to this question, by clicking the tick outline next to it. My apologies if you already know this. – MadHatter Apr 29 '16 at 08:36
  • I'm training for an exam so I was using a lab server. I did a local install with CentOS 7 and I was able to solve my question. After recently adding a GPG key it will verify if you want to use it the first time. Thanks all. – hashwagon Apr 29 '16 at 11:19
  • To be precise, after you put a key on disc, `yum` will ask if you want to import it to the keyring when it next comes across it. – MadHatter Apr 29 '16 at 12:31
0

If it wasn't working, you wouldn't be able to use epel repo, as simple as that.

sysfiend
  • 1,387
  • 1
  • 12
  • 24