How to Disable GPG checks per Channel in Spacewalk

Is it possible to disable GPG checks on a per channel basis in Spacewalk?

For patching of my servers, I've converted from using local yum repositories on the clients under /etc/yum.repos.d, to registering the client with a spacewalk server.

However, we have an internal yum repository, and I don't have the GPG keys which were used to sign the packages. This isn't an problem when using local yum repos, as I can just disable gpg on the repository using gpgcheck=0. However, it doesn't appear that I can do something similar with spacewalk. Even though I don't have a key associated with the channel, installing from the command line gives GPG errors (ie: yum install -y somepackage).

From the CLI, I can get around this using the –nogpgcheck option to yum. However, we're using puppet in our environment to install some of these packages, and there doesn't appear to be a simple way to pass in optional parameters to yum through puppet.

I've seen some suggestions indicating I could set gpgcheck=0 in /etc/yum/pluginconf.d/rhnplugin.conf, but that will disable checks on all channels, and I'd rather just disable it for the internal packages, for which I don't have the keys.

Best Answer

Actually this is very easy, simply poorly documented. (I know, I spent a long time looking for this answer).

In the /etc/yum/pluginconf.d/rhnplugin.conf file simply create a section corresposnding to the channel name for which you want to disable checks.

# Company Development centos 6 
[company-dev-centos6-x86_64]
gpgcheck = 0

The man page doesn't even mention that this can be done. But there are comments in the file that demo it.

Best Answer

Related Solutions

Centos – Working with a custom YUM repository

Firewall – why does yum update fail in cent os 6.4 when wget and curl succeeds

Related Topic