Changes between Version 5 and Version 6 of SecuredRemoteData

Show
Ignore:
Author:
james (IP: 65.172.155.230)
Timestamp:
01/20/11 17:46:20 (7 years ago)
Comment:

add data about auto-importing of known CA keys

Legend:

Unmodified
Added
Removed
Modified
  • SecuredRemoteData

    v5 v6  
    2424 3. Yum downloads all the files given in the "gpgkey" data for the repository that the package comes from. Yum parses that, ignoring any keys already present in the rpmdb. If there are no new keys, yum will fail. 
    2525 
    26  4. If there is a "gpgcakey" specified for the repository, then yum will download all the files given in the "gpgcakey" data. Yum parses that, ignoring any keys already present in that repositories gpg keyring. If there are no gpgcakeys installed after parsing the file, yum will fail. If there are new gpgcakeys, then the user is asked if he wants to install each key (unless -y is given). If he says no to *any* key, yum fails (although all imported keys stay in the repo. gpg keyring). 
     26 4. If there is a "gpgcakey" specified for the repository, then yum will download all the files given in the "gpgcakey" data. Yum parses that, ignoring any keys already present in that repositories gpg keyring. If there are no gpgcakeys installed after parsing the file, yum will fail. If there are new gpgcakeys, then if they are already imported as CA keys for another repo. they are automatically imported. If this is the first tiem we've seen this CA key the user is asked if he wants to install the key (unless -y is given). If he says no to *any* key, yum fails (although all imported keys stay in the repo. gpg keyring). 
    2727 
    2828 5. If there is at least one valid "gpgcakey", yum will try to download a "gpgkey".asc file. If that doesn't exists, yum moves on to step #6 as though there was no gpgcakey. If it does exist then the "gpgkey" is tested against the "gpgcakey" and if it passes it's added to the rpmdb, if it fails then yum fails (although all imported keys stay in the rpmdb).