Bug 1198723
| Summary: | [RFE] GPG support for Debian packages /repos | ||
|---|---|---|---|
| Product: | [Community] Spacewalk | Reporter: | schuler.philipp |
| Component: | Server | Assignee: | Tomáš Kašpárek <tkasparek> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Red Hat Satellite QA List <satqe-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 2.2 | CC: | bzed, Paul-Andre.Panon, robert.paschedag, tkasparek |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-01-15 07:59:24 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 737830, 1653216 | ||
| Attachments: | |||
Description
schuler.philipp
2015-03-04 17:13:57 UTC
Created attachment 999611 [details]
apt-transport-spacewalk patch for signed repos
Created attachment 999612 [details]
apt-transport-spacewalk patch for signed repos
Created attachment 999613 [details]
spacewalk-server patch for signed repos
I have got it working with some patches to package apt-transport-spacewalk for the client side and a small patch to backend/server/rhnRepository.py for server side. Diffs are attached.

This changes the way the sources.list is laid out, from

deb spacewalk://spacewalk.xxx.lan channels: main precise-spacewalk-client precise-security precise-updates

which is wrong and doesn't follow the Debian repo format, to

deb spacewalk://spacewalk.xxx.lan precise repodata
deb spacewalk://spacewalk.xxx.lan precise-spacewalk-client repodata
deb spacewalk://spacewalk.xxx.lan precise-security repodata
deb spacewalk://spacewalk.xxx.lan precise-updates repodata

What's left to do is add the generation of the Release and Release.gpg file to DebRepositoryWriter.java. I have a small bash script for that as cron now. See attachment.

Created attachment 999617 [details]
script for generating metafiles for repo signing
Some more info on how to put this together: http://www.devops-blog.net/spacewalk/gpg-signing-apt-repository-in-spacewalk

Created attachment 1301897 [details]
spacewalk-server patch for signed repos
Updated to work with Spacewalk backend 2.6.78
Created attachment 1301909 [details]
apt-transport-spacewalk patch for signed repos
Updates two files, pre_invoke.py and spacewalk in current Debian/Ubuntu Spacewalk client.
Created attachment 1301915 [details]
script for generating metafiles for repo signing
Added command to generate InRelease file used by Debian and Ubuntu 16.04+ apt-get client
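
What the Release file discussed in this bug protects, as an added example (not the attached script and not Spacewalk code): Release lists the size and SHA256 of each package index, so a signature over Release also covers the indexes. The flat channel directory, the index names, the field set and all function names are assumptions; signing itself is left to gpg.

```python
import gzip
import hashlib
import os
import tempfile
import time

INDEX_FILES = ("Packages", "Packages.gz")  # assumed index names in the channel dir


def build_release(repo_dir, suite):
    """Return Release text with size and SHA256 of each index in repo_dir."""
    lines = ["Suite: %s" % suite,
             time.strftime("Date: %a, %d %b %Y %H:%M:%S UTC", time.gmtime()),
             "SHA256:"]
    for name in INDEX_FILES:
        with open(os.path.join(repo_dir, name), "rb") as fh:
            data = fh.read()
        lines.append(" %s %d %s" % (hashlib.sha256(data).hexdigest(), len(data), name))
    # Signing is a separate step: gpg turns this text into Release.gpg
    # (detached signature) or InRelease (clearsigned).
    return "\n".join(lines) + "\n"


def index_matches_release(release_text, name, data):
    """Client-side check: does a downloaded index match the signed Release?"""
    in_sha256 = False
    for line in release_text.splitlines():
        if not line.startswith(" "):
            in_sha256 = line.strip() == "SHA256:"  # a new field starts here
        elif in_sha256:
            digest, size, fname = line.split()
            if fname == name:
                return (int(size) == len(data)
                        and digest == hashlib.sha256(data).hexdigest())
    return False  # an index that Release does not list is never trusted


def demo():
    """Constructed sample: one fake package stanza in a temporary directory."""
    stanza = b"Package: example\nVersion: 1.0\nArchitecture: amd64\n\n"
    with tempfile.TemporaryDirectory() as repo:
        with open(os.path.join(repo, "Packages"), "wb") as fh:
            fh.write(stanza)
        with gzip.open(os.path.join(repo, "Packages.gz"), "wb") as fh:
            fh.write(stanza)
        release = build_release(repo, "precise")
        with open(os.path.join(repo, "Packages.gz"), "rb") as fh:
            gz = fh.read()
    return release, gz
```
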
Uploaded updated patches for Spacewalk 2.6 and Ubuntu 16.04

spacewalk.git(master): b3dd522b157449be85640625f363b25b0861503e

I messed up in the spacewalk-server patch update. I saw an error and tried to fix it but didn't do it right. The default content-type is application-gzip. modules.yaml isn't a gzip file, and neither are the Release files. To set content-types correctly the code block should look like
@@ -237,17 +235,13 @@
if file_name in ["repomd.xml", "comps.xml"]:
content_type = "text/xml"
+ elif file_name in ["InRelease", "Release", "Release.gpg"]:
+ content_type = "text/plain"
+ elif file_name in ["modules.yaml"]:
+ content_type = "application/x-yaml"
elif file_name not in ["primary.xml.gz", "other.xml.gz",
"filelists.xml.gz", "updateinfo.xml.gz", "Packages.gz"]:
log_debug(2, "Unknown repomd file requested: %s" % file_name)
raise rhnFault(6)
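
Review bot: The added branch `elif file_name in ["InRelease", "Release", "Release.gpg"]` serves the detached signature Release.gpg as text/plain together with the two text files; give Release.gpg its own branch with application/pgp-signature, the media type registered in RFC 3156. The single-element list in `elif file_name in ["modules.yaml"]` can be a plain `==` comparison. The trailing `elif file_name not in [...]` is still the only check that rejects unknown names with rhnFault(6), so a comment there saying that every new metadata file must be added to one of these branches or to that list would help the next change.
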
Although maybe "Release.gpg" should have "application/pgp-signature" as content-type

Um, make that application/gpg-signature

Move Spacewalk 2.9 bugs ON_QA.

Spacewalk 2.9 has been released.
https://github.com/spacewalkproject/spacewalk/wiki/ReleaseNotes29