How Do I Confirm Importing Repo Key Without User Intervention?


Hi,

Sorry for asking it again. I just thought I asked the question the wrong way. Too many unnecessary details. And therefore, got no replies.

I’m configuring a server from, say, a script (automatically). I need it to be done without the user saying, “Yes, it’s okay to import the key.”

I was told to run the following command:

yum makecache -y --disablerepo=* --enablerepo=passenger

Can you confirm if this is okay? Any better ways? Thanks in advance.

Regards, Yuri

7 thoughts on - How Do I Confirm Importing Repo Key Without User Intervention?

  • On 12.03.2017 at 16:42, Yuri Kanivetsky wrote:

    What about importing the key beforehand?

    rpm --import keyfile

  • That’s what I do. But when I try to install a package from that
    (passenger) repository manually, yum wants my confirmation:

    # curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo

    # grep gpgkey /etc/yum.repos.d/passenger.repo
    gpgkey=https://packagecloud.io/gpg.key
    gpgkey=https://packagecloud.io/gpg.key

    # rpm --import 'https://packagecloud.io/gpg.key'

    # yum install passenger
    Loaded plugins: fastestmirror
    passenger/7/x86_64/signature                | 836 B  00:00:00
    Retrieving key from https://packagecloud.io/gpg.key
    Importing GPG key 0xD59097AB:
     Userid     : "packagecloud ops (production key)
     Fingerprint: 418a 7f2f b0e1 e6e7 eabf 6fe8 c2e7 3424 d590 97ab
     From       : https://packagecloud.io/gpg.key

    When I do it from a script, it fails.

    Regards, Yuri

  • On 12.03.2017 at 18:30, Yuri Kanivetsky wrote:

    It looks like the passenger RPM has a script importing the GPG key. Check using "rpm -q --scripts passenger". Is that an interactive step?
    That would be a bad design.

    Alexander

  • From what I can see, it doesn’t:

    # rpm -q --scripts passenger
    postinstall scriptlet (using /bin/sh):
    if /usr/sbin/sestatus | grep 'SELinux status' | grep -q enabled; then

        actual_selinux_variants=;
        for selinux_policy_file in /etc/selinux/*/policy; do
            selinux_policy_dir=$(dirname ${selinux_policy_file});
            actual_selinux_variants="$actual_selinux_variants $(basename ${selinux_policy_dir})";
        done;
        actual_selinux_variants=$(echo ${actual_selinux_variants});
        if [ -z "${actual_selinux_variants}" ]; then
            actual_selinux_variants=targeted;
        fi
        for selinuxvariant in ${actual_selinux_variants}; do
            if [ -e /usr/share/selinux/${selinuxvariant}/passenger.pp ]; then
                echo "Installing Passenger SELinux policy for the $selinuxvariant variant"
                /usr/sbin/semodule -s ${selinuxvariant} -i \
                    /usr/share/selinux/${selinuxvariant}/passenger.pp || :
            fi
        done
        /sbin/fixfiles -R passenger restore || :
        /sbin/restorecon -R /usr/lib64/passenger/support-binaries || :
    fi
    postuninstall scriptlet (using /bin/sh):
    if [ $1 -eq 0 ] ; then

        actual_selinux_variants=;
        for selinux_policy_file in /etc/selinux/*/policy; do
            selinux_policy_dir=$(dirname ${selinux_policy_file});
            actual_selinux_variants="$actual_selinux_variants $(basename ${selinux_policy_dir})";
        done;
        actual_selinux_variants=$(echo ${actual_selinux_variants});
        if [ -z "${actual_selinux_variants}" ]; then
            actual_selinux_variants=targeted;
        fi
        for selinuxvariant in ${actual_selinux_variants}; do
            /usr/sbin/semodule -s ${selinuxvariant} -r passenger &> /dev/null || :
        done
        /sbin/fixfiles -R passenger restore || :
        [ -d /usr/lib64/passenger/support-binaries ] && \
            /sbin/restorecon -R /usr/lib64/passenger/support-binaries &> /dev/null || :
    fi

    It looks more like yum wants confirmation for some reason.

    Regards, Yuri

  • In my kickstart scripts I call yum with yum -t -y -e 0

    This just works for me. -t may be what you are looking for.

    Tris


  • Well, the idea was to make yum not ask about confirmation when doing yum install, like:

    $ rpm --import https://
    $ yum accept-key …
    $ yum install passenger

    Because, when I do `yum -y install`, I don’t know in advance which questions I’m answering with yes. And for the second command I was given:

    $ yum makecache -y --disablerepo=* --enablerepo=passenger

    Which doesn’t convey the intention. Considering this, I’m now leaning toward using `yum -y install`.

    Regards, Yuri
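
One way for a script to know which key its `yum -y` is saying yes to, as an added example that is not part of the original thread: check the downloaded key against the fingerprint yum printed above, then point the repo's `gpgkey=` lines at that verified local copy. The local key path and the helper function names are assumptions, and the gpg invocation assumes the GnuPG 2.0 shipped with CentOS 7.

```shell
#!/bin/sh
# Added example (not from the thread): pin the repo key by fingerprint.
# PINNED_FPR is the fingerprint yum printed in the thread above.
PINNED_FPR="418a 7f2f b0e1 e6e7 eabf 6fe8 c2e7 3424 d590 97ab"
KEY_URL="https://packagecloud.io/gpg.key"
REPO_FILE="/etc/yum.repos.d/passenger.repo"
LOCAL_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-passenger"   # assumed local path

# Strip whitespace and upper-case, so "418a 7f2f ..." equals "418A7F2F...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons` output on stdin and print the first fpr record
# (the primary key). The fingerprint is field 10 of that record.
first_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only if the key listing on stdin carries the fingerprint in $1.
listing_matches_pin() {
    got=$(first_fpr)
    [ -n "$got" ] && [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$1")" ]
}

# Rewrite every gpgkey= line of the repo text on stdin to the local file $1,
# so a later `yum -y` can only import the key that was checked.
pin_gpgkey_lines() {
    sed "s|^gpgkey=.*|gpgkey=file://$1|"
}

main() {
    set -e
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    curl --fail -sSLo "$tmp" "$KEY_URL"
    # gpg 2.0 lists a key file this way; newer GnuPG also has --show-keys.
    gpg --with-colons --with-fingerprint "$tmp" | listing_matches_pin "$PINNED_FPR" \
        || { echo "key fingerprint mismatch, refusing to import" >&2; exit 1; }
    install -m 0644 "$tmp" "$LOCAL_KEY"
    pin_gpgkey_lines "$LOCAL_KEY" < "$REPO_FILE" > "$REPO_FILE.new"
    mv "$REPO_FILE.new" "$REPO_FILE"
    rpm --import "$LOCAL_KEY"
    yum -y install passenger
}

# Nothing touches the system unless the script is called with --run.
if [ "${1:-}" = "--run" ]; then main; fi
```

If gpg fails or prints no `fpr` record, the comparison sees an empty fingerprint and the script stops before anything is imported.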