Spurious GPG warnings when installing packages in ADB VMs

[jberkus]

here's some of the messages I get from "yum install atomicapp":

Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) security@centos.org"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@anaconda)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Atomic
Importing GPG key 0x91BA8335:
Userid : "CentOS Atomic SIG (http://wiki.centos.org/SpecialInterestGroup/Atomic) security@centos.org"
Fingerprint: 64e3 e755 8572 b59a 3194 52aa f17e 7456 91ba 8335
Package : centos-release-adb-1-3.el7.noarch (@koji-override-2)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Atomic

This could be very painful if the user is installing anything which requires a dozen or more packages, and IMHO completely unnecessary on a development VM.

[bexelbie]

These messages don't look spurious.

1. Is the pain lessened by using 'yum -y' - I suspect it will not be fully resolved.
2. I believe you'll see none of these messages in second and subsequent runs.
3. How are you planning to use atomic app once you have it? If you're ssh'ed in, I think these messages are reasonable. If you're not we should make this part of vsm.

[LalatenduMohanty]

@jberkus @bexelbie
Need to investigate the reason of the message. centos-release is already installed in the image. My guess is that the messages are part of Yum GPG certificate import process. But I think we need to reduce the message if possible.

[jberkus]

I'm ssh'd in. However, I think that developers may be alarmed at some of those messages. I know they caught me by surprise.