The very first time that I install a package from epel, I am prompted if I want to import a GPG key.
Notice how there are 2 'Is this ok' prompts when installing redis?
[root@us-devops-build02 yum.repos.d]# yum install redis
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
.. truncated for readability
Total download size: 213 k
Installed size: 668 k
Is this ok [y/N]: y
Downloading Packages:
redis-2.4.10-1.el6.x86_64.rpm | 213 kB 00:00
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Retrieving key from http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
Importing GPG key 0x0608B895:
Userid: "EPEL (6) <epel@fedoraproject.org>"
From : http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
Is this ok [y/N]: y
This causes puppet to fail on freshly-provisioned machines, unless I ssh in to the machine first and manually accept the installation of this key.
- Why does epel need a key to be downloaded on the first installation of a package?
- How can I automatically install this key on my images so puppet won't fail?
Best Answer
The reason yum is asking for a key is that it is not present in /etc/pki/rpm-gpg
You can import the key in one of 4 ways:
use
rpm --import http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6(as suggested by slm)Install a package and then wait for the prompt (like I was doing)
Use the RPM package provided by epel, it installs the repo and the key simultaneously.
sudo yum -y install http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm"Manually copy the key to the right directory.