Join the community today
Register Now

Signed Repository Metadata is now Available for CentOS 6 and 7 for the Updates Repo

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, May 7, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    May 24, 2014
    Brisbane, Australia
    Local Time:
    8:09 AM
    Nginx 1.13.x
    MariaDB 5.5
    The CentOS Project is now providing a signed copy of the repodata metadata file (repomd.xml.asc) for our Updates Repository for both CentOS-6 and CentOS-7. To use this feature, you would edit the file /etc/yum.repos.d/ CentOS-Base.repo and locate the [updates] section, the default looks like this:

    #released updates
    name=CentOS-$releasever – Updates

    You would add in this option:


    Currently we only have this option available on the [updates] repos for CentOS-6 and CentOS-7, but we will be rolling it out to all C6 and C7 repos in the future.

    Yum will verify that the repo in question is signed with the RPM-GPG-KEY-CentOS-7 (or RPM-GPG-KEY-CentOS-6 for CentOS-6) key .. so you can be sure these updates come directly from the CentOS Project and no one else.

    Here is a good read about GPG sign and verify RPM packages and yum repositories . It also explains why we are not rolling it into the CentOS-5 repos.

    There is also further information on this CentOS Maillist thread.

    Continue reading...