Recently I used the yum-config-manager program from the yum-utils package to add a repository in a CentOS-box.
This is the easy part:
# install the yum-config-manager
yum -y install yum-utils
# add the official ansible repository
yum-config-manager --add-repo=https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/
What gets added in /etc/yum.repos.d/
is a file with the following content:
[releases.ansible.com_ansible_rpm_release_epel-7-x86_64_]
name=added from: https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/
baseurl=https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/
enabled=1
Now how to set for example the gpg-key with this command? That’s trickier.
The man-page for yum says you should use --setopt
to “set arbitrary config and repo options”. man yum-config-manager
goes into a little more detail:
Set any config option in yum config or repo files. For options
in the global config just use: --setopt=option=value for repo
options use: --setopt=repoid.option=value. The latter form
accepts wildcards in repoid that will be expanded to the
selected sections. If repoid contains no wildcard, it will
automatically be selected; this is useful if you are
addressing a disabled repo, in which case you don't have to
additionally pass it as an argument.
So to set the gpg-key for the repository I created before, I had to use this command:
yum-config-manager --save --setopt=releases.ansible.com_ansible_rpm_release_epel-7-x86_64_.gpgkey=https://releases.ansible.com/keys/RPM-GPG-KEY-ansible-release.pub
Top comments (5)
Usually, just installing the -release RPM takes care of things like any necessary GPG key-imports. Our primary usage of yum-config-manager is when a third-party repository needs to be permanently enabled (and the release-RPM doesn't default to enabling the installed repository definition(s)).
Yeah, usually. However with Ansible (or our self-created repos) that's not always the case, sadly.
That's a good use-case, too!
When you build your self-created repos, you don't include the requisite verification keys' installation and enablement within the release-RPMs that define those repos to your client systems?
Well, with "our repos" I meant our companies repo's, managed by someone else who does not do this. So - yeah.
My condolences. Seems the number of people that know how to maintain a custom yum repository hosting custom RPMs is quite small ...smaller, even, than the already small number of people that know how to create RPMs (let alone properly sign one).