Red Hat Bugzilla – Bug 365021
[RFE] Disable GPG check on package files installed via localinstall
Last modified: 2014-01-21 17:59:58 EST
It would be handy if yum localinstall disabled the GPG verification on the
packages passed to it on the command line, but still enforced it on packages
installed from repositories.
Automating that change just makes the likelihood of someone bein exploited greater.
If you are localinstalling and want to make sure gpgchecking is off there are 2
1. yum --nogpgcheck localinstall foo.rpm
2. edit /etc/yum.conf and under [main] set gpgcheck=0
In the 2nd case that'll disable it ONLY for the global case and any repo which
has gpgcheck=1 will continue gpg checking