On Wed, Feb 15, 2017 at 5:22 AM, Michael Gauthier <mike@silverorange.com> wrote:

Hello,

The getting download documentation (http://www.ovirt.org/download/) says to use yum to install a RPM directly from a plain HTTP URL. Is there a HTTPS host for the oVirt RPMs?

We're not running https on resources.ovirt.org. I'm opening a ticket on infra for this.

If not, is the RPM signed with a GPG key? Is the GPG signature available via HTTPS?

release rpms are signed, you can get gpg key manually as described in the website:

$ gpg --recv-keys FE590CB7
$ gpg --list-keys --with-fingerprint FE590CB7
---
pub   2048R/FE590CB7 2014-03-30 [expires: 2021-04-03]
      Key fingerprint = 31A5 D783 7FAD 7CB2 86CD  3469 AB8C 4F9D FE59 0CB7
uid                  oVirt <infra@ovirt.org>
sub   2048R/004BC303 2014-03-30 [expires: 2021-04-03]
---
$ gpg --export --armor FE590CB7 > ovirt-infra.pub
# rpm --import ovirt-infra.pub

Please see https://access.redhat.com/blogs/766093/posts/1976693

Thanks,
Mike
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

--

Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com