Allow this module to work on systems when global repo_gpgcheck = 1 #82
It seems like the default is 1, not 0, as you describe. I believe it should be disabled by default based on my understanding of both the flag and the amount of metadata RH signs, but I could be wrong there (appears to have only been fixed with 7.4, did 6 repos get backported signatures?)
Neither EPEL 6 nor 7 contain signed repo metadata. Ref:
This patch makes sure repo_gpgcheck is disabled by default for the EPEL repo. For hardened systems with "repo_gpgcheck=1" in yum.conf, the EPEL repo will no longer break. Systems that aren't enforcing "repo_gpgcheck=1" in yum.conf will see no behavior changes.
Ah, so the local setting can override the global, makes sense. Sorry, it was early, I get it now :D
Thanks for the approval. Are there any more steps before you can merge this?
I am horribly sorry this fell off my radar for so long! I've resolved the merge conflicts and merged this PR. Thank you so much for your patience.
Some system hardening guides require the use of "repo_gpgcheck = 1" in yum.conf. This setting breaks this puppet module because the repo files it generates cannot set a repo-specific repo_gpgcheck setting (i.e. set it to 0 for epel).
This patch sets a value of 0 for each supported epel repo and allows override via params/hiera.
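The override behaviour discussed in this thread (a repo-level `repo_gpgcheck` taking precedence over the global one in yum.conf) can be audited with a short script. This is an added example, not code from the module: the function names, the sample file contents and the `unset_default=False` fallback for keys set nowhere are assumptions. It lists the repos that opt out of an enforced global `repo_gpgcheck` and whether package signature checking (`gpgcheck`) is still on for them.

```python
import configparser

TRUTHY = {"1", "true", "yes", "on"}
KEYS = ("repo_gpgcheck", "gpgcheck")

# Constructed sample input: a hardened yum.conf and an EPEL-style .repo file.
YUM_CONF = """
[main]
gpgcheck = 1
repo_gpgcheck = 1
"""
REPO_FILE = """
[epel]
enabled = 1
gpgcheck = 1
repo_gpgcheck = 0

[epel-debuginfo]
enabled = 0
gpgcheck = 1

[epel-source]
enabled = 0
gpgcheck = 0
repo_gpgcheck = 0
"""

def _parse(text):
    parser = configparser.ConfigParser(interpolation=None)  # keep % and $vars literal
    parser.read_string(text)
    return parser

def effective_checks(yum_conf, repo_file, unset_default=False):
    """Resolve each key per repo: repo section first, then [main], then unset_default (assumed)."""
    main, repos = _parse(yum_conf), _parse(repo_file)
    out = {}
    for repo_id in repos.sections():
        out[repo_id] = {}
        for key in KEYS:
            src, section = (repos, repo_id) if repos.has_option(repo_id, key) else (main, "main")
            raw = src.get(section, key, fallback=None)
            out[repo_id][key] = unset_default if raw is None else raw.strip().lower() in TRUTHY
    return out

def metadata_exemptions(yum_conf, repo_file):
    """Map each repo that opts out of an enforced global repo_gpgcheck to its gpgcheck state."""
    enforced = _parse(yum_conf).get("main", "repo_gpgcheck", fallback="0").strip().lower() in TRUTHY
    checks = effective_checks(yum_conf, repo_file)
    return {r: c["gpgcheck"] for r, c in checks.items() if enforced and not c["repo_gpgcheck"]}

if __name__ == "__main__":
    print(metadata_exemptions(YUM_CONF, REPO_FILE))
```

A repo that maps to `False` has neither metadata nor package signature verification and deserves a closer look than one that only skips the metadata check.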