Today I have been working on a project for work that involved accessing FTPS using curl. I needed the curl –libcurl switch which is not available in curl 7.15 so I needed to upgrade curl on the CentOS server I was working on. The problem is that there are not any repos with newer versions of curl available so then I set out to create my own curl RPM package. I was able to do this while learning many things along the way such as signing RPM packages. The first revision of my curl RPM package was not signed but I wanted to go ahead and install it anyway so below I explain installing unsigned RPM packages using yum.
Yum Error: Package curl-7.20.0-1.i386.rpm is not signed
You may get the above error when attempting to install an RPM package using yum. I received the above error after creating my own RPM package using rpmbuild and then attempting to install it using the syntax below. The below also includes the output of the “yum localinstall curl-7.20.0-1.i386.rpm” command.
Error Attempting To Install An Unsigned RPM Package With Yum:
- [root@dev i386]# yum localinstall curl-7.20.0-1.i386.rpm
- Loading "fastestmirror" plugin
- Setting up Local Package Process
- Loading mirror speeds from cached hostfile
- * base: ftp.osuosl.org
- * updates: centos.mirrors.tds.net
- Examining curl-7.20.0-1.i386.rpm: curl - 7.20.0-1.i386
- Marking curl-7.20.0-1.i386.rpm as an update to curl - 7.15.5-2.1.el5_3.5.i386
- Resolving Dependencies
- --> Running transaction check
- ---> Package curl.i386 0:7.20.0-1 set to be updated
- --> Finished Dependency Resolution
- Dependencies Resolved
- Package Arch Version Repository Size
- curl i386 7.20.0-1 curl-7.20.0-1.i386.rpm 1.6 M
- Transaction Summary
- Install 0 Package(s)
- Update 1 Package(s)
- Remove 0 Package(s)
- Total download size: 1.6 M
- Is this ok [y/N]: y
- Downloading Packages:
- Package curl-7.20.0-1.i386.rpm is not signed
As you can see the command provided an error stating that the RPM package I was attempting to install was not signed. To get around this error you can modify the gpgcheck setting located in the yum.conf file. The yum configuration file or yum.conf is typically located in the /etc directory on CentOS Linux. So change the yum.conf gpgcheck line to the below setting to be able to install unsigned packages with yum. Below is the current yum.conf file on the server I am working on.
Modify gpgcheck In Yum Configuration File yum.conf:
- # Note: yum-RHN-plugin doesn't honor this.
- # Default.
- # installonly_limit = 3
- # PUT YOUR REPOS HERE OR IN separate files named file.repo
- # in /etc/yum.repos.d
Again the configuration line we are worried about for this example is the gpgcheck=0 line which is telling yum to not worry about checking for the GPG signature provided with most packages. You should only disable this if you are familiar with the source of the RPM packages you will be installing via yum or you are familiar with the repository you are pointing yum to that has unsigned packages.