gpgcheck=0 - don't!

David Timms dtimms at
Mon Jul 2 11:20:50 UTC 2007

Bob Goodwin wrote:
> Is there no easy way to get all these keys installed in /etc/yum.repos.d 
> other than gpgcheck=0 ?
That isn't a good idea.

> (9/9): kdelibs-3.5.7-8.fc 100% |=========================|  18 MB    
> 01:45    warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key 
> ID ff6382fa
> GPG key retrieval failed: [Errno 5] OSError: [Errno 2] No such file or 
> directory: '/etc/pki/rpm-gpg/kde-redhat.RPM-GPG-KEY'
{If you are on F7, you should find fairly up2date kde packages within 
the normal fedora {everything} respository.}

Else, you could apply a commandline option to your yum command. find it 
by typing yum in a terminal prompt {..gpg..}. You want to be extremely 
sure that that package you are installing is what it appears to be.

My approach is to have /etc/yum.conf have keepcache=1, then try to yum 
install a package - this gets the package downloaded to the yum cache.
Then use rpm to install it: rpm -Uvh  /var/cache/yum/......

For the one you are seeing, I imagine you might have installed a 
kde-redhat-release style of package. This has extracted the repo's gpg 
key into /etc/pki, but has not installed it into the rpm database. This 
is done with: rpm --import /path/to/key/file

btw you can list installed keys with:
rpm -qai gpg\*


More information about the users mailing list