Yuri Kanivetsky
2017-Mar-12 17:30 UTC
[CentOS] How do I confirm importing repo key without user intervention?
> what about importing the key beforehand> rpm --import keyfileThat's what I do. But when I try to install a package from that (passenger) repository manually, yum wants my confirmation: # curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo # grep gpgkey /etc/yum.repos.d/passenger.repo gpgkey=https://packagecloud.io/gpg.key gpgkey=https://packagecloud.io/gpg.key # rpm --import 'https://packagecloud.io/gpg.key' # yum install passenger Loaded plugins: fastestmirror passenger/7/x86_64/signature | 836 B 00:00:00 Retrieving key from https://packagecloud.io/gpg.key Importing GPG key 0xD59097AB: Userid : "packagecloud ops (production key) <ops at packagecloud.io>" Fingerprint: 418a 7f2f b0e1 e6e7 eabf 6fe8 c2e7 3424 d590 97ab From : https://packagecloud.io/gpg.key When I do it from a script, it fails. Regards, Yuri
Alexander Dalloz
2017-Mar-12 18:34 UTC
[CentOS] How do I confirm importing repo key without user intervention?
Am 12.03.2017 um 18:30 schrieb Yuri Kanivetsky:>> what about importing the key beforehand > >> rpm --import keyfile > > That's what I do. But when I try to install a package from that > (passenger) repository manually, yum wants my confirmation: > > # curl --fail -sSLo /etc/yum.repos.d/passenger.repo > https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo > > # grep gpgkey /etc/yum.repos.d/passenger.repo > gpgkey=https://packagecloud.io/gpg.key > gpgkey=https://packagecloud.io/gpg.key > > > # rpm --import 'https://packagecloud.io/gpg.key' > > # yum install passenger > Loaded plugins: fastestmirror > passenger/7/x86_64/signature > | 836 B 00:00:00 > Retrieving key from https://packagecloud.io/gpg.key > Importing GPG key 0xD59097AB: > Userid : "packagecloud ops (production key) <ops at packagecloud.io>" > Fingerprint: 418a 7f2f b0e1 e6e7 eabf 6fe8 c2e7 3424 d590 97ab > From : https://packagecloud.io/gpg.key > > When I do it from a script, it fails. > > Regards, > YuriIt looks like the passenger RPM has a script importing the GPG key. Check using "rpm -q --scripts passenger". Is that an interactive step? That would be a bad design. Alexander
Yuri Kanivetsky
2017-Mar-13 04:32 UTC
[CentOS] How do I confirm importing repo key without user intervention?
> It looks like the passenger RPM has a script importing the GPG key. Check using "rpm -q --scripts passenger".>From what I can see, it doesn't:# rpm -q --scripts passenger postinstall scriptlet (using /bin/sh): if /usr/sbin/sestatus | grep 'SELinux status' | grep -q enabled; then actual_selinux_variants=; for selinux_policy_file in /etc/selinux/*/policy; do selinux_policy_dir=$(dirname ${selinux_policy_file}); actual_selinux_variants="$actual_selinux_variants $(basename ${selinux_policy_dir})"; done; actual_selinux_variants=$(echo ${actual_selinux_variants}); if [ -z "${actual_selinux_variants}" ]; then actual_selinux_variants=targeted; fi for selinuxvariant in ${actual_selinux_variants}; do if [ -e /usr/share/selinux/${selinuxvariant}/passenger.pp ]; then echo "Installing Passenger SELinux policy for the $selinuxvariant variant" /usr/sbin/semodule -s ${selinuxvariant} -i \ /usr/share/selinux/${selinuxvariant}/passenger.pp || : fi done /sbin/fixfiles -R passenger restore || : /sbin/restorecon -R /usr/lib64/passenger/support-binaries || : fi postuninstall scriptlet (using /bin/sh): if [ $1 -eq 0 ] ; then actual_selinux_variants=; for selinux_policy_file in /etc/selinux/*/policy; do selinux_policy_dir=$(dirname ${selinux_policy_file}); actual_selinux_variants="$actual_selinux_variants $(basename ${selinux_policy_dir})"; done; actual_selinux_variants=$(echo ${actual_selinux_variants}); if [ -z "${actual_selinux_variants}" ]; then actual_selinux_variants=targeted; fi for selinuxvariant in ${actual_selinux_variants}; do /usr/sbin/semodule -s ${selinuxvariant} -r passenger &> /dev/null || : done /sbin/fixfiles -R passenger restore || : [ -d /usr/lib64/passenger/support-binaries ] && \ /sbin/restorecon -R /usr/lib64/passenger/support-binaries &> /dev/null || : fi It more looks like yum wants confirmation for some reason. Regards, Yuri
Reasonably Related Threads
- How do I confirm importing repo key without user intervention?
- How do I confirm importing repo key without user intervention?
- How do I confirm importing repo key without user intervention?
- How do I confirm importing repo key without user intervention?
- [PATCH ovirt-node] Removed subpackages, stateful, stateless, logos, and selinux for inclusuion in Fedora