Multiple GPG Keys
Multiple GPG Keys do not seemed to be supported at the Product or the Repository level. This is supported by yum: http://linux.die.net/man/5/yum.conf
From the yum.conf man page:
baseurl Must be a URL to the directory where the yum repository's 'repodata' directory lives. Can be an http://, ftp:// or file:// URL. You can specify multiple URLs in one baseurl statement. The best way to do this is like this:
name=Some name for this repository
gpgkey A URL pointing to the ASCII-armored GPG key file for the repository. This option is used if yum needs a public key to verify a package and the required key hasn't been imported into the RPM database. If this option is set, yum will automatically import the key from the specified URL. You will be prompted before the key is installed unless the assumeyes option is set.
Multiple URLs may be specified here in the same manner as the baseurl option (above). If a GPG key is required to install a package from a repository, all keys specified for that repository will be installed.
#2 Updated by Eric Helms over 3 years ago
- Triaged changed from No to Yes
As far as I know, Candlepin only supports a single GPG Key URL per content (and Candlepin content is what we map a repository to for controlling access via subscriptions). Thus, we'd need to open a bug, if one does not already exist, to Candlepin. See http://www.candlepinproject.org/docs/candlepin/api.html#slash-content
#4 Updated by Klaas D over 2 years ago
This is more relevant now, the puppet pc1 repository currently uses two gpg keys
[puppetlabs-pc1] name=Puppet Labs PC1 Repository el 7 - $basearch baseurl=http://yum.puppetlabs.com/el/7/PC1/$basearch gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs-PC1 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-PC1 enabled=1 gpgcheck=1
pub 4096R/1054B7A24BD6EC30 2010-07-10 [expires: 2017-01-05] Key fingerprint = 47B3 20EB 4C7C 375A A9DA E1A0 1054 B7A2 4BD6 EC30 uid Puppet Labs Release Key (Puppet Labs Release Key) <email@example.com>
pub 4096R/7F438280EF8D349F 2016-08-18 [expires: 2021-08-17] Key fingerprint = 6F6B 1550 9CF8 E59E 6E46 9F32 7F43 8280 EF8D 349F uid Puppet, Inc. Release Key (Puppet, Inc. Release Key) <firstname.lastname@example.org>