Bug 1537555

Summary:	Cannot remove GPGkey from client repo
Product:	Red Hat Satellite	Reporter:	Sean O'Keeffe <sokeeffe>
Component:	Content Credentials	Assignee:	Justin Sherrill <jsherril>
Status:	CLOSED ERRATA	QA Contact:	jcallaha
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	Unspecified	CC:	arusso, aymeric.marchal, bkearney, gscarbor, inecas, jalviso, james.xue, karnsing, pcreech, rraghuwa, satellite6-bugs, saydas, vdeshpan, vijsingh
Target Milestone:	6.7.0	Keywords:	Triaged
Target Release:	Unused
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2020-04-14 13:22:23 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Sean O'Keeffe 2018-01-23 13:47:01 UTC

Description of problem:
If I have a custom repo with the wrong GPGkey and have a client registered to use it via the Default Org View and then remove it from the repo in Katello, i cannot get the client to update.

Version-Release number of selected component (if applicable):
katello 3.5

How reproducible:


Steps to Reproduce:
1. create incorrect GPGkey
2. sync custom product/repo using the incorrect GPGKey
3. attach client (i used default org view)
4. "yum install foo -y" will give you:

===================================================================================================================================================================================================================
 Package                                                      Arch                            Version                                  Repository                                                             Size
===================================================================================================================================================================================================================
Installing:
 katello-host-tools                                           noarch                          3.1.0-1.el7                              Default_Organization_CentOS_7_Katello_Client                           20 k
Installing for dependencies:
 katello-host-tools-fact-plugin                               noarch                          3.1.0-1.el7                              Default_Organization_CentOS_7_Katello_Client                           12 k
 libxslt                                                      x86_64                          1.1.28-5.el7                             Default_Organization_CentOS_7_Centos_7_OS                             242 k
 python-argcomplete                                           noarch                          1.7.0-1.el7                              Default_Organization_EPEL_EPEL                                         49 k
 python-backports                                             x86_64                          1.0-8.el7                                Default_Organization_CentOS_7_Centos_7_OS                             5.8 k
 python-backports-ssl_match_hostname                          noarch                          3.4.0.2-4.el7                            Default_Organization_CentOS_7_Centos_7_OS                              12 k
 python-beautifulsoup4                                        noarch                          4.3.2-1.el7                              Default_Organization_EPEL_EPEL                                        149 k
 python-html5lib                                              noarch                          1:0.999-5.el7                            Default_Organization_EPEL_EPEL                                        206 k
 python-lxml                                                  x86_64                          3.2.1-4.el7                              Default_Organization_CentOS_7_Centos_7_OS                             758 k
 python-setuptools                                            noarch                          0.9.8-7.el7                              Default_Organization_CentOS_7_Centos_7_OS                             397 k
 python-six                                                   noarch                          1.9.0-2.el7                              Default_Organization_CentOS_7_Centos_7_OS                              29 k
 python2-psutil                                               x86_64                          2.2.1-3.el7                              Default_Organization_EPEL_EPEL                                        116 k
 python2-tracer                                               noarch                          0.6.13.1-1.el7                           Default_Organization_EPEL_EPEL                                        105 k
 tracer-common                                                noarch                          0.6.13.1-1.el7                           Default_Organization_EPEL_EPEL                                         26 k

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package (+13 Dependent packages)

Total size: 2.1 M
Installed size: 7.9 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/Default_Organization_CentOS_7_Katello_Client/packages/katello-host-tools-fact-plugin-3.1.0-1.el7.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID 2884ecef: NOKEY
Retrieving key from https://centos7-katello-3-5.sean.example.com/katello/api/repositories/5/gpg_key_content


GPG key retrieval failed: [Errno 14] HTTPS Error 404 - Not Found

4. So update the repo to remove the GPGKey

Actual results:
Client config will never change, even after sub-man unregister/register & removing the repo and re-creating it.

Expected results: 
Client to update repo GPGconfig with "sub-man refresh"  

Additional info:

I found this with Katello 3.5, probably the same on 6.3. I would have raised this directly upstream but not sure where the problem is in candlepin/katello/pulp

Comment 1 Sean O'Keeffe 2018-01-23 13:50:05 UTC

The only workaround I found was "subscription-manager repo-override --repo <REPOID> --add gpgcheck:0"

Comment 4 Satellite Program 2018-09-20 12:23:38 UTC

Connecting redmine issue https://projects.theforeman.org/issues/15087 from this bug

Comment 6 Gary Scarborough 2019-01-06 21:46:21 UTC

Just wanted to update that I can confirm that this issue is present in 6.4 as well.

Comment 8 Bryan Kearney 2019-08-05 12:22:32 UTC

The Satellite Team is attempting to provide an accurate backlog of bugzilla requests which we feel will be resolved in the next few releases. We do not believe this bugzilla will meet that criteria, and have plans to close it out in 1 month. This is not a reflection on the validity of the request, but a reflection of the many priorities for the product. If you have any concerns about this, feel free to contact Red Hat Technical Support or your account team. If we do not hear from you, we will close this bug out. Thank you.

Comment 10 jcallaha 2020-01-24 21:44:49 UTC

Verified in Satellite 6.7 snap 9

create a yum repo
create a content credential of a gpg key (any contents work)
register a system with sub-man and subscribe it to the yum repo
notice in /etc/yum.repos.d/redhat.repo there is no gpg key
Associate the gpg key with the repository on the repo details page
run sub-man refresh && yum repolist
notice in /etc/yum.repos.d/redhat.repo there is a gpg key for the repo
Remove the gpg key from the repo on the repo details page
run sub-man refresh
notice in /etc/yum.repos.d/redhat.repo thegpg key for the repo is now gone.

Comment 13 errata-xmlrpc 2020-04-14 13:22:23 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454