
yum install --nogpgcheck and friends

Started by yumhamster, May 16, 2021, 01:43:03 AM



Hi all,

I'm trying to use yum whilst building a docker image.  Standard stuff.  The docker image is built on a gitlab-runner (via kaniko).  Again standard stuff.

I am trying to install centos-release-scl which has an associated gpg key for rpm verification.

$ yum install -y centos-release-scl

The gitlab admins in their wisdom have mounted the gitlab-runner docker volume /etc/pki read-only, which causes my yum install to fail since it is unable to write the gpg key to /etc/pki/rpm-gpg/ .  They will not change this behaviour.

Is there a way to stop yum from downloading the gpg signature?  It seems there are ways to ask for no gpg checking (eg. via 'gpgcheck = 0' or 'yum install --nogpgcheck' or 'setting yum.conf [main] gpgcheck=0'), but still yum insists on downloading the gpg signature.  And the docker build fails.


metadata_expire = 1
enabled_metadata = 1
sslclientcert = /etc/pki-docker/entitlement/5503589818749365981.pem
baseurl = https://path/to/CentOS_7/extras_x86_64
sslverify = 1
name = co7_extras_x86_64
sslclientkey = /etc/pki-docker/entitlement/5503589818749365981-key.pem
gpgkey = https://path/to/gpg_key_content
enabled = 1
sslcacert = /etc/rhsm/ca/katello-server-ca.pem
gpgcheck = 0

You will notice I have changed /etc/pki to /etc/pki-docker above.  This works well for non-gpg checked repos;  presumably ones where the gpg does not exist at all on the remote satellite mirror.

Running the yum install in a local docker container (ie. not via a gitlab-runner) results in the following highlighting where the gpg signature is downloaded to before installation.

[[email protected] bin]# ls -ltr /etc/pki/rpm-gpg/
total 16
-rw-r--r--.   1 root root 1057 Oct 29  2018 RPM-GPG-KEY-CentOS-SIG-SCLo

Is there a way to stop this?  Alternatively (and preferably) is there a way to have the key saved to my /etc/pki-docker/rpm-gpg directory and installed from there?  Allowing gpg checking to take place?

Help me Obi Wan.  I'm really stumped! 
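
An added example, not part of the original post or of any reply: a pre-build check that parses a .repo file like the one quoted above and reports enabled repos that skip package signature checking or that reference key or certificate files under the read-only /etc/pki mount. The section headers, the second repo and the function name audit_repos are constructed for illustration, and the [main] section of yum.conf is not consulted.

```python
import configparser

# Constructed sample modelled on the stanza in the post. The section headers
# and the whole second repo are assumptions added so the file parses.
SAMPLE_REPO = """\
[co7_extras_x86_64]
name = co7_extras_x86_64
baseurl = https://path/to/CentOS_7/extras_x86_64
sslclientcert = /etc/pki-docker/entitlement/5503589818749365981.pem
sslcacert = /etc/rhsm/ca/katello-server-ca.pem
gpgkey = https://path/to/gpg_key_content
enabled = 1
gpgcheck = 0

[co7_sclo_x86_64]
name = co7_sclo_x86_64
baseurl = https://path/to/CentOS_7/sclo_x86_64
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo
enabled = 1
gpgcheck = 1
"""

# Repo options whose values may name local files.
PATH_KEYS = ("gpgkey", "sslclientcert", "sslclientkey", "sslcacert")

def audit_repos(text, readonly_prefix="/etc/pki/"):
    """Return (repo, finding) tuples for the enabled repos in a .repo file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for repo in cp.sections():
        sec = cp[repo]
        if sec.get("enabled", "1").strip() != "1":
            continue  # only enabled repos are reported
        # Assumption: a repo with no gpgcheck line is treated as unchecked.
        if sec.get("gpgcheck", "0").strip() != "1":
            findings.append((repo, "gpgcheck disabled: packages are not signature-checked"))
        for key in PATH_KEYS:
            for value in sec.get(key, "").split():
                # gpgkey may be a file:// URL; the ssl* options are plain paths.
                path = value[len("file://"):] if value.startswith("file://") else value
                if path.startswith(readonly_prefix):
                    findings.append((repo, f"{key} under read-only {readonly_prefix}: {path}"))
    return findings

if __name__ == "__main__":
    for repo, finding in audit_repos(SAMPLE_REPO):
        print(f"{repo}: {finding}")
```
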


Hello Yumhamster - and welcome to the Forum.

First of all;  please read the "New Members Start Here" boards before submitting your posts, or they may be deleted. 

I am not familiar with this subject but I noticed a couple of things. 
1. Did the system provide any error messages during the attempted installation?  If so, please post them - the more information that you provide the easier it is for people to assist. 
2. Although the file /etc/pki/rpm-gpg/ is writable by the owner, you might like to try changing the permissions: sudo chmod 777 /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo just to cover all possibilities.  Overkill, I know, but worth a try.
3. Have you checked that the paths to CentOS_7/extras_x86_64 and gpg_key_content actually work?  (always a good idea to provide the paths in your post)

Have a look at