GPG
YUM GPG keys
GPG signature info
EventStore/EventStore-OSS has its YUM metadata signed with EventStore-EventStore-OSS-41F3EF9251D151CA.pub.gpg.
Important notes
There are two types of GPG keyrings used on RPM-based systems:
- RPM's GPG keyring. This keyring is used for verifying signatures on RPM packages.
- YUM's GPG keyring. This keyring is used for verifying signatures on repository metadata. There is one keyring per repository on the system.
The YUM GPG keyring (number 2 above) is the keyring that the information on this page refers to.
Import GPG key for EventStore/EventStore-OSS
To import a GPG key to verify YUM metadata, you must create a repo config with the GPG key URL. This is done automatically with all of our install methods.
If you'd like to do this manually for EventStore/EventStore-OSS, follow the instructions on the manual install page
Remove GPG key for EventStore/EventStore-OSS
Unfortunately GPG key removal is not particularly user friendly.
- Check your
/etc/yum.conf
file and note the value ofpersistdir
. Ifpersistdir
is not set, you can assume it is/var/lib/yum
. - Determine which CPU architecture the repo has been installed for: i386 for 32-bit systems and x86_64 for 64-bit systems.
- Determine the verison number of the CentOS or Red Hat you are running (5, 6, or 7).
- Replace x86_64 and 7 in the following command with your CPU architecture and CentOS or RedHat version:
gpg --homedir /var/lib/yum/repos/x86_64/7/EventStore_EventStore-OSS/gpgdir --delete-key 41F3EF9251D151CA
APT GPG keys
GPG signature info
EventStore/EventStore-OSS has its APT metadata signed with EventStore-EventStore-OSS-41F3EF9251D151CA.pub.gpg.
Import GPG key for EventStore/EventStore-OSS
- Ensure you have curl installed:
sudo apt-get install curl
- Ensure you have GPG installed:
sudo apt-get install gnupg
- Add the GPG key:
curl -L https://packagecloud.io/EventStore/EventStore-OSS/gpgkey | sudo apt-key add -
Remove GPG key for EventStore/EventStore-OSS
- Remove the GPG key:
sudo apt-key remove 41F3EF9251D151CA
- You will see the output "OK" when complete. You can verify the key has been removed by running:
sudo apt-key list
List all GPG keys known to APT
- List all GPG keys known to APT:
apt-key list
Package signing keys
This repository has no package signing keys! Repository owners and collaborators can add some below.