Bug 190674 - Feature Req: take direct URL argument, skip sig check on URL argument
Feature Req: take direct URL argument, skip sig check on URL argument
Product: Fedora
Classification: Fedora
Component: yum (Show other bugs)
All Linux
medium Severity low
: ---
: ---
Assigned To: Jeremy Katz
Depends On:
  Show dependency treegraph
Reported: 2006-05-04 09:12 EDT by Bryan J. Smith
Modified: 2014-01-21 17:54 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-09-18 16:32:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bryan J. Smith 2006-05-04 09:12:39 EDT
Description of problem:

"rpm" allows a direct URL argument for install, query, etc... of a rpm package.
"yum" should allow this functionality as well in its "localinstall" or possibly
a new argument.
There seems to be no "yum-utils" tool that offers this functionality either.

E.g., a common program that has a dependency on compat-libstdc++ which is often
not installed:  
# yum localinstall

An additional issue is that "yum" will attempt to check signatures on all
packages, including the "local" package.  "yum" should default to "rpm"'s
default that if a user is explicitly specifying a package.  In the above
example, "yum" should check all dependency signatures, but not the direct rpm

I'm curious if that is not directly feasible.  E.g., does "yum" merely pass on
all rpm packages to "rpm" and then report back if _any_ signature check fails? 
Or does it check signatures individually before passing to "rpm"?

Version-Release number of selected component (if applicable):

How reproducible:
All (feature enhancement request)

Actual results:

Setting up Local Package Process
Cannot open file:


Expected results:

No messages, automatically fetches via ftp/http, resolves dependencies, checks
signatures _except_ for the explicitly named rpm package.

Additional info:
Comment 1 Seth Vidal 2006-05-04 09:40:37 EDT
1. behaving like rpm when it comes to rpm is a bad idea. rpm, imo, behaves
unsafely. that won't ever be changed.

2. it might be reasonable to add a url checker to install/localinstall to grab
the package first. I'll think about that one.

Comment 2 Jeremy Katz 2006-09-18 16:32:24 EDT
There's a plugin to allow disabling the gpg check on the command line and pirut
has a tool for installing packages that gives a nice UI around needing a signature.

Note You need to log in before you can comment on or make changes to this bug.