Signing nexus yum repo with gpg keys


We have Sonatype Nexus Repository ManagerOSS 3.18.1-01. We created a yum repo and uploaded a few rpms into it. However we are unable to sign the repo with our gpg keys.

We tried doing the following

signrepo http://nexus-url/repo/repoName/repoFolder/
gpg: can’t open `http://nexus-url/repo/repoName/repoFolder/repodata/repomd.xml’: No such file or directory
gpg: signing failed: No such file or directory

We confirmed repodata/repomd.xml is present in the Nexus.

Whats the recommended way to sign a yum repo in Nexus ?

Appreciate any help.

I believe this issue might help you.

In workaround section is described how to do that. Create Raw-hosted repository in Nexus and put public keys there.
In yum-client config in gpgkey section just provide full URL to this key-file.
That works for us.

@Dmitry Afanasyev,

Thanks for the link. That helps to keep the gpg keys there, which can be used from yum client.

But is there anyway Nexus will automatically sign a repo with the gpg keys?

We are uploading a bunch of rpms (asynchronously) into Nexus from CI. We would like the repo to be signed to be automatically signed with the gpg key on every rpm upload.

Currently the workaround we have is to obtain a semaphore on a global file, download the repodata/repomd.xml, sign it and upload the repomd.xml.asc file.

It appears that Nexus takes upto a minute to update the “repodata/”, so the only we can ensure this is, is to download the repomd.xml first, keep trying until a new is available, download, sign and upload the repomd.xml.asc.

Ideally if this is a built-in function in Nexus, we would just configure the gpg keys and let Nexus automatically sign the repo after every rpm upload.

Is this feature available in Nexus?

I believe that Nexus still does not have this built-in feature because of that issue that relies at version 3.8 and still not marked as fixed\released :slight_smile:

I can’t say when Sonatype planning to release this because I’m not one of them, I’m just simple Nexus user\Administrator as you :slight_smile:

But still you can vote for this issue and may be it will be released faster. Because I’m agree with you that it will be very cool to have these feature out-of-the-box.

1 Like