Add support for globally disabling gpgcheck

Similar to no-repo-gpgcheck but for RPM sigs.

Signed-off-by: Yann Dirson <[email protected]>

answerfile.py

@@ -93,6 +93,7 @@ def processAnswerfile(self):
                 raise AnswerfileException("Unknown mode, %s" % install_type)
 
             results['repo-gpgcheck'] = getBoolAttribute(self.top_node, ['repo-gpgcheck'], default=True)
+            results['gpgcheck'] = getBoolAttribute(self.top_node, ['gpgcheck'], default=True)
             results.update(self.parseCommon())
         elif self.operation == 'restore':
             results = self.parseRestore()

backend.py

@@ -396,9 +396,11 @@ def add_repos(main_repositories, update_repositories, repos):
             repos = repository.repositoriesFromDefinition(i['media'], i['address'])
             add_repos(main_repositories, update_repositories, repos)
             repo_gpgcheck = answers.get('repo-gpgcheck', True)
+            gpgcheck = answers.get('gpgcheck', True)
             for repo in repos:
                 if repo in main_repositories:
                     repo.setRepoGpgCheck(repo_gpgcheck)
+                    repo.setGpgCheck(gpgcheck)
 
     # A single source coming from an interactive install
     if 'source-media' in answers_pristine and 'source-address' in answers_pristine:

doc/answerfile.txt

@@ -48,6 +48,14 @@ Common Attributes
 
     Validity: any <installation> operation.
 
+  gpgcheck="false"
+
+    Disable check of rpm signature (`gpgcheck=0` in `yum.conf`), for
+    all yum repositories that are not Supplemental Packs (none of
+    which are checked). Don't use this for a production server.
+
+    Validity: any <installation> operation.
+
 
 Elements common to all answerfiles, both 'installation' and 'restore'
 ---------------------------------------------------------------------

doc/parameters.txt

@@ -225,3 +225,8 @@ Installer
   --no-repo-gpgcheck
 
     Disable check of repodata signature, for all yum repositories.
+
+
+  --no-gpgcheck
+
+    Disable check of rpm signature, for all yum repositories.

install.py

@@ -131,6 +131,9 @@ def go(ui, args, answerfile_address, answerfile_script):
         elif opt == "--no-repo-gpgcheck":
             results['repo-gpgcheck'] = False
             logger.log("Yum gpg check of repository disabled on command-line")
+        elif opt == "--no-gpgcheck":
+            results['gpgcheck'] = False
+            logger.log("Yum gpg check of RPMs disabled on command-line")
 
     if boot_console and not serial_console:
         serial_console = boot_console

repository.py

@@ -243,6 +243,7 @@ def __init__(self, accessor):
         self._identifier = MAIN_REPOSITORY_NAME
         self.keyfiles = []
         self._repo_gpg_check = True
+        self._gpg_check = True
 
         def get_name_version(config_parser, section, name_key, vesion_key):
             name, version = None, None
@@ -313,10 +314,10 @@ def _repo_config(self):
                 outfh = open(key_path, "w")
                 outfh.write(infh.read())
                 return """
-gpgcheck=1
+gpgcheck=%s
 repo_gpgcheck=%s
 gpgkey=file://%s
-""" % (int(self._repo_gpg_check), key_path)
+""" % (int(self._gpg_check), int(self._repo_gpg_check), key_path)
             finally:
                 if infh:
                     infh.close()
@@ -356,6 +357,10 @@ def setRepoGpgCheck(self, value):
         logger.log("%s: setRepoGpgCheck(%s)" % (self, value))
         self._repo_gpg_check = value
 
+    def setGpgCheck(self, value):
+        logger.log("%s: setGpgCheck(%s)" % (self, value))
+        self._gpg_check = value
+
 class UpdateYumRepository(YumRepositoryWithInfo):
     """Represents a Yum repository containing packages and associated meta data for an update."""