Bug 1022462

Summary: gpgcheck always set to '0' for custom repo, even after associating gpg-keys with it
Product: Red Hat Satellite Reporter: Sachin Ghai <sghai>
Component: Content ManagementAssignee: Brad Buckingham <bbuckingham>
Status: CLOSED CURRENTRELEASE QA Contact: Sachin Ghai <sghai>
Severity: high Docs Contact:
Priority: high    
Version: 6.0.2CC: bkearney, jmontleo, jsherril, mmccune, omaciel
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-07-02 14:08:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1099016    
Bug Blocks: 828909    

Description Sachin Ghai 2013-10-23 10:41:23 UTC 
Description of problem:
As per bz 803428 comment22, when we associate a gpg-key with custom repo, then on subscribing a client to this repo, gpgcheck should be set to '1' in redhat.repo. But here its not the case.

I associated a gpg key to custom repo and subscribed a client to it. But when I checked the redhat.repo, it was showing gpgcheck='0'

[root@dhcp201-165 yum.repos.d]# cat redhat.repo 
#
# Certificate-Based Repositories
# Managed by (rhsm) subscription-manager
#
# If this file is empty and this system is subscribed consider 
# a "yum repolist" to refresh available repos
#

[sghai_rh_rhel6_3]
name = rhel6.3
baseurl = https://cloud-qe-8.idm.lab.bos.redhat.com/pulp/repos/sghai/dev/pubcv3/custom/rh/rhel6_3
enabled = 1
gpgcheck = 0
sslverify = 1
sslcacert = /etc/rhsm/ca/candlepin-local.pem
sslclientkey = /etc/pki/entitlement/3179518075718023597-key.pem
sslclientcert = /etc/pki/entitlement/3179518075718023597.pem

Can someone please explain what is expected here ?

Version-Release number of selected component (if applicable):
Server:
=======
snap6 (MDP2)
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-glue-candlepin-1.4.6-40.el6sat.noarch
ruby193-rubygem-katello-foreman-engine-0.0.12-3.el6sat.noarch
katello-certs-tools-1.4.4-1.el6sat.noarch
katello-foreman-all-1.4.6-40.el6sat.noarch
katello-configure-1.4.7-6.el6sat.noarch
signo-katello-0.0.23-2.el6sat.noarch
katello-glue-elasticsearch-1.4.6-40.el6sat.noarch
katello-cli-1.4.3-24.el6sat.noarch
katello-cli-common-1.4.3-24.el6sat.noarch
katello-1.4.6-40.el6sat.noarch
katello-all-1.4.6-40.el6sat.noarch
katello-qpid-client-key-pair-1.0-1.noarch
rubygem-hammer_cli_katello_bridge-0.0.6-2.el6sat.noarch
ruby193-rubygem-katello_api-0.0.3-4.el6sat.noarch
katello-common-1.4.6-40.el6sat.noarch
katello-glue-pulp-1.4.6-40.el6sat.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
katello-selinux-1.4.4-4.el6sat.noarch
pulp-katello-plugins-0.2-1.el6sat.noarch
katello-configure-foreman-1.4.7-6.el6sat.noarch
ruby193-rubygem-foreman-katello-engine-0.0.17-6.el6sat.noarch


Client:
======
[root@dhcp201-165 yum.repos.d]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.3 (Santiago)
[root@dhcp201-165 yum.repos.d]# rpm -qa | grep katello-agent
katello-agent-1.4.4-3.el6sat.noarch
[root@dhcp201-165 yum.repos.d]# rpm -qa | grep subscription-manager
subscription-manager-0.99.19-1.el6.x86_64
[root@dhcp201-165 yum.repos.d]# 

How reproducible:
always

Steps to Reproduce:
1. register a client with server and subscribe it to a custom repo which should be associated with correct gpg key
2.
3.

Actual results:
gpgcheck value in redhat.repo is set to '0'


Expected results:
It should be '1' when gpg-key is associated with created custom repo


Additional info:
Comment 2 Brad Buckingham 2014-06-17 14:34:42 UTC 
With the fix that is in place for bug 1099016, this issue appears to be resolved.  In order to ensure that this bug goes through verfication, I'll leave this bug open vs marking as a duplicate.

The following is an example of the redhat.repo for a custom repo that had a gpgkey defined:

[ACME_Corporation_zoo_zoo]
name = zoo
baseurl = https://fortello.devel/pulp/repos/ACME_Corporation/Library/custom/zoo/zoo
enabled = 1
gpgcheck = 1
gpgkey = https://fortello.devel/katello/api/repositories/17/gpg_key_content
sslverify = 1
sslcacert = /etc/rhsm/ca/candlepin-local.pem
sslclientkey = /etc/pki/entitlement/724184414802266682-key.pem
sslclientcert = /etc/pki/entitlement/724184414802266682.pem
Comment 5 Sachin Ghai 2014-06-19 12:10:06 UTC 
Verified with sat6 beta snap10

when we associate gpg-key to custom repo then its set to '1' in redhat.repo on client.

[root@shost yum.repos.d]# yum repolist
Loaded plugins: package_upload, product-id, security, subscription-manager
This system is receiving updates from Red Hat Subscription Management.
ACME_Corporation_fake_zoo                                                                                                      | 2.1 kB     00:00     
ACME_Corporation_fake_zoo/primary                                                                                              | 3.7 kB     00:00     
ACME_Corporation_fake_zoo                                                                                                                       32/32
repo id                                                                            repo name                                                    status
ACME_Corporation_fake_zoo                                                          zoo                                                          32
repolist: 32


[root@shost yum.repos.d]# cat redhat.repo 
#
# Certificate-Based Repositories
# Managed by (rhsm) subscription-manager
#
# If this file is empty and this system is subscribed consider 
# a "yum repolist" to refresh available repos
#

[ACME_Corporation_fake_zoo]
name = zoo
baseurl = https://dhcp207-55.lab.eng.pnq.redhat.com/pulp/repos/ACME_Corporation/Library/custom/fake/zoo
enabled = 1
gpgcheck = 1
gpgkey = https://dhcp207-55.lab.eng.pnq.redhat.com/katello/api/repositories/11/gpg_key_content
sslverify = 1
sslcacert = /etc/rhsm/ca/candlepin-local.pem
sslclientkey = /etc/pki/entitlement/752459387118277068-key.pem
sslclientcert = /etc/pki/entitlement/752459387118277068.pem


[root@shost yum.repos.d]# yum install cow
Loaded plugins: package_upload, product-id, security, subscription-manager
This system is receiving updates from Red Hat Subscription Management.
ACME_Corporation_fake_zoo                                                                                                      | 2.1 kB     00:00     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package cow.noarch 0:2.2-3 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package                      Arch                            Version                        Repository                                          Size
======================================================================================================================================================
Installing:
 cow                          noarch                          2.2-3                          ACME_Corporation_fake_zoo                          2.4 k

Transaction Summary
======================================================================================================================================================
Install       1 Package(s)

Total download size: 2.4 k
Installed size: 42  
Is this ok [y/N]: y
Downloading Packages:
cow-2.2-3.noarch.rpm                                                                                                           | 2.4 kB     00:00     
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID f78fb195: NOKEY
Retrieving key from https://dhcp207-55.lab.eng.pnq.redhat.com/katello/api/repositories/11/gpg_key_content
Importing GPG key 0xF78FB195:
 Userid: "Dummy Packages Generator <admin.com>"
 From  : https://dhcp207-55.lab.eng.pnq.redhat.com/katello/api/repositories/11/gpg_key_content
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : cow-2.2-3.noarch                                                                                                                   1/1 
Uploading Package Profile
  Verifying  : cow-2.2-3.noarch                                                                                                                   1/1 

Installed:
  cow.noarch 0:2.2-3                                                                                                                                  

Complete!
Comment 6 Bryan Kearney 2014-07-02 14:08:18 UTC 
This was delivered with 6.0.3, which is the Satellite 6 Beta.
Comment 7 Bryan Kearney 2014-07-02 14:09:38 UTC 
This was delivered in 6.0.3, the Beta version of Satellite 6.0