I have a custom RPM repo in Artifactory, and GPG signing keys were recently enabled.
When I ran sudo yum check-updates
I was prompted to add the key:
Retrieving key from https://artifactory.example.com/myrepo/repodata/repomd.xml.key
Importing GPG key 0x12345678:
Userid : "John Doe <[email protected]>"
Fingerprint: 1234 5678 90ab cdef 1234 5678 90ab cdef 1234 5678
From : https://artifactory.example.com/myrepo/repodata/repomd.xml.key
I added the key, which was successful. However, I would now like to remove the key. I need to add the key programmatically (e.g. via Ansible) to numerous servers, and so I would like to reproduce the same behavior as before (where I am prompted to add the key) so that I can confirm that adding the key programmatically changes this behavior.
I have tried using yum-config-manager
to unset the gpgkey
, but the behavior remains the same (yum does not prompt me to accept the key):
sudo yum-config-manager --setopt=artifactory.gpgkey='' --save
I've additionally deleted the yum cache (sudo yum clean all
and sudo rm -rf /var/cache/yum
).
How can I remove this key from the yum repo configuration?
Version info:
$ yum --version
3.4.3
Using rpm you can list keys and remove them.
Yum has a GPG keyring for repos that support GPG metadata signing. On my system, the relevant paths for this particular repo were:
/var/lib/yum/repos/x86_64/7/artifactory/gpgdir
/var/lib/yum/repos/x86_64/7/artifactory/gpgdir-ro
I was able to delete the GPG keys from those keyrings:
Running
sudo yum check-update
at this point still did not prompt me to accept the key. I ransudo yum clean metadata
, and after thatsudo yum check-update
did re-prompt me to accept the GPG key.I found PackageCloud's page on YUM GPG keys helpful in arriving at this solution.