Bug 1041772

Summary: unable to install packages from a custom sha1-protected repo when using custom gpg signing
Product: Red Hat Update Infrastructure for Cloud Providers
Reporter: mkovacik
Component: RHUA
Assignee: John Matthews <jmatthew>
Status: CLOSED NOTABUG
QA Contact: mkovacik
Severity: unspecified
Priority: unspecified
Version: 2.1.2
CC: tsanders
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: http://adminotes.blogspot.fr/2011/12/centos-6-rpm-sign-problem-v4-signatures.html
Doc Type: Bug Fix
Last Closed: 2013-12-13 16:17:22 UTC
Type: Bug
Attachments:
  screen log installing the custom signed package on a rhel 5 client (flags: none)

Description mkovacik 2013-12-12 19:15:23 UTC
Description of problem:
When creating a custom, SHA1-protected, gpg-signed repo in rhui (which happens to be on rhel6), a version 4 signature header is created, which prevents a RHEL5 client from installing:
  yum install -y package
  ...
  error: rpmts_HdrFromFdno: Header V4 RSA/SHA1 signature: BAD, key ID b6963d12

Version-Release number of selected component (if applicable):
2.1.3

How reproducible:
Always; happened in test plan.case #6606.110761

Steps to Reproduce:
1. in rhui-manager, create repo such as:
  ID:              r1
  Name:            r1
  Path:            r1
  Entitlement:     r1
  GPG Check        Yes
  Custom GPG Keys: '/root/public.key'
  Red Hat GPG Key: No
  protection: SHA1
2. upload custom content e.g. package.rpm
3. create client entitlement keys for the repo r1 and a client configuration rpm
4. install the configuration rpm on an RHEL5 client
5. yum install -y package.rpm

Actual results:
Error: rpmts_HdrFromFdno: Header V4 RSA/SHA1 signature: BAD, key ID XXXXXXX

Expected results:
Yum install works for the repo on rhel5 client

Additional info:
Searching the internet, guys suggest using the command switch
  gpg --force-v3-sigs
when signing rpms; see the bz URL field.

Comment 1 mkovacik 2013-12-13 16:13:09 UTC
Created attachment 836374 [details]
screen log installing the custom signed package on a rhel 5 client

QE test case issue; the custom package we use in the automation is already signed with a v4 header.

Comment 2 mkovacik 2013-12-13 16:17:22 UTC
closing based on Comment #1
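
The signature version and algorithms that rpm reports in the error above (`V4 RSA/SHA1`) can be read from the OpenPGP signature packet itself, which lets a test package be checked before it is uploaded to a repo consumed by RHEL5 clients. The following is an added example, not part of the bug report or of RHUI; it assumes the raw signature packet has already been extracted (for instance a detached signature), and the function names and sample bytes are constructed for illustration.

```python
# Added example: report version and algorithms of a raw OpenPGP signature packet.
PUBKEY_ALGOS = {1: "RSA", 17: "DSA"}                           # RFC 4880, 9.1
HASH_ALGOS = {1: "MD5", 2: "SHA1", 8: "SHA256", 10: "SHA512"}  # RFC 4880, 9.4

def first_packet(data):
    """Return (tag, body) of the first OpenPGP packet in data."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:                       # new-format header
        tag, first = data[0] & 0x3F, data[1]
        if first < 192:
            length, start = first, 2
        elif first < 224:
            length, start = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, start = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length not supported")
    else:                                    # old-format header
        tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        size = 1 << ltype                    # 1, 2 or 4 length octets
        length, start = int.from_bytes(data[1:1 + size], "big"), 1 + size
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def describe_signature(data):
    """Return (version, pubkey_algo, hash_algo) of a signature packet."""
    tag, body = first_packet(data)
    if tag != 2:
        raise ValueError("not a signature packet (tag %d)" % tag)
    if body[:1] == b"\x03" and len(body) >= 17:   # v3: algos follow time + key ID
        pk, h = body[15], body[16]
    elif body[:1] == b"\x04" and len(body) >= 4:  # v4: algos follow sig type
        pk, h = body[2], body[3]
    else:
        raise ValueError("unsupported or truncated signature packet")
    return body[0], PUBKEY_ALGOS.get(pk, str(pk)), HASH_ALGOS.get(h, str(h))

# Constructed sample packets (signature MPIs omitted), not taken from the bug.
SAMPLE_V4 = bytes.fromhex("880a" "04000102" "00000000" "abcd")
SAMPLE_V3 = bytes.fromhex("8813" "030500" "52a9f5c0" + "00" * 8 + "0102" "abcd")

if __name__ == "__main__":
    for name, pkt in (("v4", SAMPLE_V4), ("v3", SAMPLE_V3)):
        print(name, "-> V%d %s/%s" % describe_signature(pkt))
```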