If I build a new RHEL server (whichever version, doesn't matter) and then attempt to install packages from either RHN or Satellite via yum I'm prompted to accept the RHN GPG key. In our case, this would be Satellite.

However, if I import my own packages to Satellite either by placing them in an existing Base channel or creating a new channel specifically for them, I'm not prompted to accept the key. The packages are signed and I've added the GPG key to Satellite.

Is there a way to get this prompt to show on custom channels or do I have no choice but to install the GPG key using rpm --import?

theillien

1 Answer

After posting this I kept looking around. I did some searches for various strings and landed on an identical question on the RHN community site. One of the comments explains why I have been unable to do what I want to do and, in turn, led to me solving the problem with some scripting.

The gist of it is that when I added the GPG Key URL to the Satellite channel I was using http://satellite.example.com/pub/<key>. Satellite will not allow this due to potential MITM attacks. Instead, it only supports the file:/// URL construct. This tells yum to find the key on the local filesystem. Naturally this requires that the key be available locally.

I changed the GPG Key URL to point to the key located at file:///etc/pki/rpm-gpg/<key>. I use wget to place the key in that location. Now yum asks if I wish to import the key. Once I enter y the key is added to my rpm key-chain and everything else completes appropriately.

theillien
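
Added example (not part of the original answer): a shell sketch of the "place the key locally" step that goes slightly further than the answer by checking the downloaded file against a pinned SHA-256 digest before it reaches /etc/pki/rpm-gpg, since the download itself crosses the same network path the file:/// restriction is meant to avoid. The function names, the digest pinning approach and the placeholder URL and digest are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original answer. Stages a signing key for the
# file:/// GPG Key URL only if it matches a digest recorded out of band.
# The URL, digest and file names used with these functions are placeholders.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# install_pinned_key SRC EXPECTED_SHA256 DEST_DIR
# Copy SRC into DEST_DIR (mode 0644) only when its digest matches.
# Returns 0 on success, 1 on digest mismatch, 2 on usage or I/O errors.
install_pinned_key() {
    [ "$#" -eq 3 ] || { echo "usage: install_pinned_key SRC SHA256 DEST_DIR" >&2; return 2; }
    ipk_src=$1
    ipk_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    ipk_dir=$3
    [ -r "$ipk_src" ] || { echo "cannot read $ipk_src" >&2; return 2; }
    ipk_got=$(sha256_of "$ipk_src") || return 2
    if [ "$ipk_got" != "$ipk_want" ]; then
        echo "digest mismatch for $ipk_src: got $ipk_got" >&2
        return 1
    fi
    mkdir -p "$ipk_dir" || return 2
    # Stage under a temporary name, then rename, so yum never reads a partial file.
    ipk_tmp="$ipk_dir/.$(basename "$ipk_src").$$"
    if cp "$ipk_src" "$ipk_tmp" && chmod 0644 "$ipk_tmp" \
        && mv "$ipk_tmp" "$ipk_dir/$(basename "$ipk_src")"; then
        return 0
    fi
    rm -f "$ipk_tmp"
    return 2
}

# fetch_and_install URL EXPECTED_SHA256 [DEST_DIR]
# Download into a scratch directory; DEST_DIR is untouched until the check passes.
fetch_and_install() {
    fai_dest=${3:-/etc/pki/rpm-gpg}
    fai_tmp=$(mktemp -d) || return 2
    fai_file="$fai_tmp/$(basename "$1")"
    fai_rc=0
    { wget -q -O "$fai_file" "$1" && install_pinned_key "$fai_file" "$2" "$fai_dest"; } || fai_rc=$?
    rm -rf "$fai_tmp"
    return "$fai_rc"
}

# Typical call on a new host (placeholder values):
#   fetch_and_install "http://satellite.example.com/pub/<key>" "<sha256 from a trusted copy>"
```

Record the digest from a copy of the key obtained over a trusted path, for example on the machine where the packages are signed.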