When working with RPM packages in air-gapped CentOS/RHEL systems, you'll frequently encounter this roadblock:
error: public key not installed for package-x.y.z.rpm
This occurs because RPM packages are digitally signed, and your system performs cryptographic verification by default. While this is great for security in online environments, it becomes problematic when:
- Creating offline installation media/DVDs
- Deploying to secured environments without internet access
- Working with custom-built RPMs that aren't signed
1. Temporarily Disable Verification During Installation
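The fastest solution is to skip signature verification for a single install. With rpm the flag is --nosignature (--nogpgcheck is a yum option, not an rpm one):
rpm -ivh --nosignature php-common-5.1.6-27.el5.rpm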
For YUM-based installations (even with local repositories):
yum install --nogpgcheck php-common
2. Permanent Configuration Change (Use With Caution)
Edit /etc/yum.conf:
[main]
gpgcheck=0
Or for specific repositories in /etc/yum.repos.d/:
[local-dvd]
name=Local DVD Repository
baseurl=file:///mnt/dvd
enabled=1
gpgcheck=0
If you can temporarily connect, import the keys instead:
# For CentOS/RHEL base repos:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
# For third-party packages:
rpm --import https://example.com/REPO-GPG-KEY
For large-scale deployments, create a proper offline repo with all dependencies:
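# Generate the repo GPG key (once, on the build host)
gpg --gen-key
# Sign the packages; rpm uses the key named by %_gpg_name in ~/.rpmmacros
rpm --addsign /path/to/your/rpms/*.rpm
# Create repository metadata after signing, because signing rewrites the package files
createrepo /path/to/your/rpms/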
Then include the public key in your installation media and import it during deployment.
While disabling GPG checks solves the immediate problem, be aware of the trade-offs:
- Package authenticity can't be verified
- Potential for malicious package tampering
- Compliance requirements may prohibit this
Always verify package hashes through other means when possible.
When working with RPM packages in air-gapped CentOS environments, you'll frequently encounter GPG signature verification errors like:
warning: php-common-5.1.6-27.el5.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 1ac70ce6
error: Failed dependencies:
libmysqlclient.so.15()(64bit) is needed by php-common-5.1.6-27.el5.x86_64
libmysqlclient.so.15(libmysqlclient_15)(64bit) is needed by php-common-5.1.6-27.el5.x86_64
1. Temporarily Disable Verification During Installation
Use the --nogpgcheck flag with yum, or --nosignature with rpm:
# YUM method
yum localinstall --nogpgcheck /mnt/dvd/php-common.rpm
# RPM method
rpm -ivh --nosignature php-common-5.1.6-27.el5.x86_64.rpm
2. Import the Missing GPG Keys
For CentOS 5, first locate the key on an internet-connected machine:
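# Fetch the key using the key ID from the error message
# (a short 8-digit ID can match more than one key, so compare the full fingerprint against a trusted source before exporting)
gpg --keyserver pgp.mit.edu --recv-keys 1AC70CE6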
# Export the public key
gpg --export -a 1AC70CE6 > RPM-GPG-KEY-CentOS-5
# Copy to target machine and import
rpm --import RPM-GPG-KEY-CentOS-5
3. Permanently Disable GPG Checks in YUM Configuration
Edit /etc/yum.conf:
[main]
gpgcheck=0
Or for specific repositories in /etc/yum.repos.d/ files:
[local-dvd]
name=Local DVD Repository
baseurl=file:///mnt/dvd
enabled=1
gpgcheck=0
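A permanent gpgcheck=0, whether in [main] of /etc/yum.conf or in a single repository file as in both variants shown above, tends to outlive the installation it was added for. The following audit script is an added example, not part of the original article; the function name audit_gpgcheck and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list every section in yum
# configuration files that explicitly turns package signature checks off.

# audit_gpgcheck FILE...
# Prints "FILE [section] scope" per explicit gpgcheck=0 (yum also accepts
# no/false); returns 1 if anything was found, 0 otherwise.
audit_gpgcheck() {
    awk '
        FNR == 1 { section = "" }            # new file: forget last section
        /^[ \t]*[#;]/ { next }               # comment line
        /^[ \t]*\[/ {                        # section header such as [main]
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)
            sub(/[ \t]+$/, "", value)
            value = tolower(value)
            if (value == "0" || value == "no" || value == "false") {
                # [main] sets the default for all repositories
                scope = (section == "main") ? "global" : "repo"
                printf "%s [%s] %s\n", FILENAME, section, scope
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample files that mirror the configuration shown above.
demo_dir=$(mktemp -d)
printf '[main]\ngpgcheck=1\n' > "$demo_dir/yum.conf"
printf '[local-dvd]\nbaseurl=file:///mnt/dvd\nenabled=1\ngpgcheck=0\n' \
    > "$demo_dir/local-dvd.repo"
if audit_gpgcheck "$demo_dir/yum.conf" "$demo_dir/local-dvd.repo"; then
    echo "no section disables gpgcheck"
else
    echo "signature checks are disabled in the sections listed above"
fi
rm -rf "$demo_dir"
```

On a real host, run it as audit_gpgcheck /etc/yum.conf /etc/yum.repos.d/*.repo; a "global" hit means every repository without its own gpgcheck line inherits the disabled check.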
For a more professional solution, create a proper local repository:
# Install createrepo if needed (rpm's flag for skipping the signature check is --nosignature)
rpm -ivh --nosignature createrepo-0.4.11-3.el5.noarch.rpm
# Create repository structure
mkdir -p /mnt/dvd/repodata
createrepo -v /mnt/dvd/
# Create .discinfo file for DVD recognition
echo "1234567890" > /mnt/dvd/.discinfo
echo "CentOS 5.5 Packages" >> /mnt/dvd/.discinfo
While disabling GPG checks solves the immediate problem, keep the following in mind:
- You lose package authenticity verification
- Only use this method with trusted packages
- Consider maintaining an internal signing key for your organization