对于 YUM (RHEL),我可以使用指向密钥文件的 HTTPS 链接指定存储库,例如/etc/yum.repo.d/elastic-7.x.repo
:
[elastic-7.x]
baseurl = https://artifacts.elastic.co/packages/7.x/yum
gpgcheck = 1
gpgkey = https://artifacts.elastic.co/GPG-KEY-elasticsearch
name = Elasticsearch repository for 7.x packages
如果是 Debian,我必须先下载一个密钥文件:
sudo curl -o /usr/share/keyrings/elastic.asc https://artifacts.elastic.co/GPG-KEY-elasticsearch
而不是通过属性注册该文件signed-by
:
deb [signed-by=/usr/share/keyrings/elastic.asc arch=amd64] https://artifacts.elastic.co/packages/7.x/apt stable main
我可以通过 HTTPS URL 指定签名密钥吗?
这样我可以避免在它们腐烂时更新密钥。