loading...

Advanced usage of yum-config-manager with setopts

rndmh3ro profile image rndmh3ro Originally published at zufallsheld.de on ・1 min read

Recently I used the yum-config-manager program from the yum-utils package to add a repository in a CentOS-box.

This is the easy part:

# install the yum-config-manager
yum -y install yum-utils

# add the official ansible repository
yum-config-manager --add-repo=https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/

What gets added in /etc/yum.repos.d/ is a file with the following content:

[releases.ansible.com_ansible_rpm_release_epel-7-x86_64_]
name=added from: https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/
baseurl=https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/
enabled=1

Now how to set for example the gpg-key with this command? That’s trickier.

The man-page for yum says you should use --setopt to “set arbitrary config and repo options”. man yum-config-manager goes into a little more detail:

Set any config option in yum config or repo files. For options
in the global config just use: --setopt=option=value for repo
options use: --setopt=repoid.option=value. The latter form
accepts wildcards in repoid that will be expanded to the
selected sections. If repoid contains no wildcard, it will
automatically be selected; this is useful if you are
addressing a disabled repo, in which case you don't have to
additionally pass it as an argument.

So to set the gpg-key for the repository I created before, I had to use this command:

yum-config-manager --save --setopt=releases.ansible.com_ansible_rpm_release_epel-7-x86_64_.gpgkey=https://releases.ansible.com/keys/RPM-GPG-KEY-ansible-release.pub

Discussion

pic
Editor guide
Collapse
ferricoxide profile image
Thomas H Jones II

Usually, just installing the -release RPM takes care of things like any necessary GPG key-imports. Our primary usage of yum-config-manager is when a third-party repository needs to be permanently enabled (and the release-RPM doesn't default to enabling the installed repository definition(s)).

Collapse
rndmh3ro profile image
rndmh3ro Author

Usually, just installing the -release RPM takes care of things like any necessary GPG key-imports

Yeah, usually. However with Ansible (or our self-created repos) that's not always the case, sadly.

Our primary usage of yum-config-manager is when a third-party repository needs to be permanently enabled (and the release-RPM doesn't default to enabling the installed repository definition(s)).

That's a good use-case, too!

Collapse
ferricoxide profile image
Thomas H Jones II

When you build your self-created repos, you don't include the requisite verification keys' installation and enablement within the release-RPMs that define those repos to your client systems?

Thread Thread
rndmh3ro profile image
rndmh3ro Author

Well, with "our repos" I meant our companies repo's, managed by someone else who does not do this. So - yeah.

Thread Thread
ferricoxide profile image
Thomas H Jones II

My condolences. Seems the number of people that know how to maintain a custom yum repository hosting custom RPMs is quite small ...smaller, even, than the already small number of people that know how to create RPMs (let alone properly sign one).