[ovirt-users] Secure installation via RPM

Sandro Bonazzola sbonazzo at redhat.com
Thu Feb 16 10:38:58 UTC 2017


On Wed, Feb 15, 2017 at 5:22 AM, Michael Gauthier <mike at silverorange.com>
wrote:

> Hello,
>
> The getting download documentation (http://www.ovirt.org/download/) says
> to use yum to install a RPM directly from a plain HTTP URL. Is there a
> HTTPS host for the oVirt RPMs?


We're not running https on resources.ovirt.org. I'm opening a ticket on
infra for this.



> If not, is the RPM signed with a GPG key? Is the GPG signature available
> via HTTPS?
>

release rpms are signed, you can get gpg key manually as described in the
website:

$ gpg --recv-keys FE590CB7
$ gpg --list-keys --with-fingerprint FE590CB7
---
pub   2048R/FE590CB7 2014-03-30 [expires: 2021-04-03]
      Key fingerprint = 31A5 D783 7FAD 7CB2 86CD  3469 AB8C 4F9D FE59 0CB7
uid                  oVirt <infra at ovirt.org>
sub   2048R/004BC303 2014-03-30 [expires: 2021-04-03]
---
$ gpg --export --armor FE590CB7 > ovirt-infra.pub
# rpm --import ovirt-infra.pub




>
> Please see https://access.redhat.com/blogs/766093/posts/1976693
>
> Thanks,
> Mike
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>



-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170216/3e4e2560/attachment.html>


More information about the Users mailing list