I'm trying to use yum whilst building a docker image. Standard stuff. The docker image is built on a gitlab-runner (via kaniko). Again standard stuff.
I am trying to install centos-release-scl which has an associated gpg key for rpm verification.
$ yum install -y centos-release-scl
The gitlab admins in their wisdom have mounted the gitlab-runner docker volume /etc/pki read-only, which causes my yum install to fail since it is unable to write the gpg key to /etc/pki/rpm-gpg/. They will not change this behaviour.
Is there a way to stop yum from downloading the gpg signature? It seems there are ways to ask for no gpg checking (eg. via 'gpgcheck = 0' or 'yum install --nogpgcheck' or 'setting yum.conf [main] gpgcheck=0'), but still yum insists on downloading the gpg signature. And the docker build fails.
/etc/yum/conf
metadata_expire = 1
enabled_metadata = 1
sslclientcert = /etc/pki-docker/entitlement/5503589818749365981.pem
baseurl = https://path/to/CentOS_7/extras_x86_64
sslverify = 1
name = co7_extras_x86_64
sslclientkey = /etc/pki-docker/entitlement/5503589818749365981-key.pem
gpgkey = https://path/to/gpg_key_content
enabled = 1
sslcacert = /etc/rhsm/ca/katello-server-ca.pem
gpgcheck = 0
You will notice I have changed /etc/pki to /etc/pki-docker above. This works well for non-gpg checked repos; presumably ones where the gpg does not exist at all on the remote satellite mirror.
Running the yum install in a local docker container (ie. not via a gitlab-runner) results in the following, highlighting where the gpg signature is downloaded to before installation.
bin]# ls -ltr /etc/pki/rpm-gpg/
-rw-r--r--. 1 root root 1057 Oct 29 2018 RPM-GPG-KEY-CentOS-SIG-SCLo
Is there a way to stop this? Alternatively (and preferably) is there a way to have the key saved to my /etc/pki-docker/rpm-gpg directory and installed from there? Allowing gpg checking to take place?
Help me Obi Wan. I'm really stumped!
Hello Yumhamster - and welcome to the Forum.
First of all, please read the "New Members Start Here" boards before submitting your posts, or they may be deleted.
I am not familiar with this subject but I noticed a couple of things.
1. Did the system provide any error messages during the attempted installation? If so, please post them - the more information that you provide the easier it is for people to assist.
2. Although the file /etc/pki/rpm-gpg/ is writable by the owner, you might like to try changing the permissions:
sudo chmod 777 /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo
just to cover all possibilities. Overkill, I know, but worth a try.
3. Have you checked that the paths to CentOS_7/extras_x86_64 and gpg_key_content actually work? (always a good idea to provide the paths in your post)
Have a look at