Closed
Description
The Riak RPM in the packagecloud yum repository is not GPG signed, so installing it requires that GPG validation be disabled. In the docs for using the yum repo a GPG key is linked to ("gpgkey=https://packagecloud.io/gpg.key") but gpgcheck is disabled ("gpgcheck=0") and so that key will never be used.
I think that packagecloud can sign these for you.
[root@puppetlabs-centos-6 riak2]# /usr/bin/yum -y install riak
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.oss.ou.edu
* extras: centos.host-engine.com
* updates: centos.sonn.com
Resolving Dependencies
--> Running transaction check
---> Package riak.x86_64 0:2.0.5-1.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================================================
Installing:
riak x86_64 2.0.5-1.el6 basho_riak 57 M
Transaction Summary
================================================================================================================================================================================
Install 1 Package(s)
Total size: 57 M
Installed size: 80 M
Downloading Packages:
Package riak-2.0.5-1.el6.x86_64.rpm is not signed
[root@puppetlabs-centos-6 riak2]# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
gpg-pubkey-4bd6ec30-4c37bb40 --> gpg(Puppet Labs Release Key (Puppet Labs Release Key) <[email protected]>)
gpg-pubkey-c105b9de-4e0fd3a3 --> gpg(CentOS-6 Key (CentOS 6 Official Signing Key) <[email protected]>)
gpg-pubkey-d59097ab-52d46e88 --> gpg(packagecloud ops (production key) <[email protected]>)