Bug 336741

Summary:	Various auto-kickstart packages signed improperly
Product:	Red Hat Satellite 5	Reporter:	Scott Dodson <sdodson>
Component:	Provisioning	Assignee:	Brandon Perkins <bperkins>
Status:	CLOSED NOTABUG	QA Contact:	wes hayutin <whayutin>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	CC:	rhn-bugs
Target Milestone:	---
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2007-11-28 19:44:17 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Scott Dodson 2007-10-17 21:25:51 UTC

Various auto-kickstart packages are signed improperly. Currently all 4u5
packages are signed with key 219180cddb42a60e which is not installed on any
system I've found. Several of the 4u4, 3u9, and 3u8 packages are also signed
with this invalid key. It seems all packages built on lego.rhndev.redhat.com are
signed with this key. 

Packages which work are signed with 5326810137017186 and appear to be built via
the normal build systems.

This is causing provisioning of systems with 4u5 via satellite to fail.


[sdodson@dhcp243-54 Desktop]$ rpm -qip
auto-kickstart-ks-rhel-i386-as-4-u4-1.12-3.noarch.rpm 
warning: auto-kickstart-ks-rhel-i386-as-4-u4-1.12-3.noarch.rpm: Header V3 DSA
signature: NOKEY, key ID db42a60e
Name        : auto-kickstart-ks-rhel-i386-as-4-u4  Relocations: (not relocatable)
Version     : 1.12                              Vendor: Red Hat, Inc.
Release     : 3                             Build Date: Tue 06 Mar 2007 07:23:37
PM EST
Install Date: (not installed)               Build Host: lego.rhndev.redhat.com
Group       : System Environment/Kernel     Source RPM:
auto-kickstart-rhel4-u4-1.12-3.src.rpm
Size        : 5099309                          License: GPL
Signature   : DSA/SHA1, Tue 06 Mar 2007 03:32:39 PM EST, Key ID 219180cddb42a60e
Packager    : Red Hat Network <rhn-feedback>
URL         : http://rhn.redhat.com/
Summary     : Kernel images for kickstart RHEL AS 4 U4
Description :
Kernel images for kickstart RHEL AS 4 U4


[sdodson@dhcp243-54 Desktop]$ rpm -qip
auto-kickstart-ks-rhel-i386-as-4-u4-1.13-4.el5.noarch.rpm 
warning: auto-kickstart-ks-rhel-i386-as-4-u4-1.13-4.el5.noarch.rpm: Header V3
DSA signature: NOKEY, key ID 37017186
Name        : auto-kickstart-ks-rhel-i386-as-4-u4  Relocations: (not relocatable)
Version     : 1.13                              Vendor: Red Hat, Inc.
Release     : 4.el5                         Build Date: Wed 07 Mar 2007 04:47:30
PM EST
Install Date: (not installed)               Build Host: ia64-1.build.redhat.com
Group       : System Environment/Kernel     Source RPM:
auto-kickstart-rhel4-u4-1.13-4.el5.src.rpm
Size        : 5099309                          License: GPL
Signature   : DSA/SHA1, Wed 07 Mar 2007 07:34:48 PM EST, Key ID 5326810137017186
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://rhn.redhat.com/
Summary     : Kernel images for kickstart RHEL AS 4 U4
Description :
Kernel images for kickstart RHEL AS 4 U4


[sdodson@dhcp243-54 Desktop]$ rpm -qip
auto-kickstart-ks-rhel-i386-as-4-u5-1.14-1.el4.noarch.rpm 
warning: auto-kickstart-ks-rhel-i386-as-4-u5-1.14-1.el4.noarch.rpm: Header V3
DSA signature: NOKEY, key ID db42a60e
Name        : auto-kickstart-ks-rhel-i386-as-4-u5  Relocations: (not relocatable)
Version     : 1.14                              Vendor: Red Hat, Inc.
Release     : 1.el4                         Build Date: Mon 23 Apr 2007 07:51:45
PM EDT
Install Date: (not installed)               Build Host: lego.rhndev.redhat.com
Group       : System Environment/Kernel     Source RPM:
auto-kickstart-rhel4-u5-1.14-1.el4.src.rpm
Size        : 5217049                          License: GPL
Signature   : DSA/SHA1, Mon 07 May 2007 10:06:37 PM EDT, Key ID 219180cddb42a60e
Packager    : Red Hat Network <rhn-feedback>
URL         : http://rhn.redhat.com/
Summary     : Kernel images for kickstart RHEL AS 4 U5
Description :
Kernel images for kickstart RHEL AS 4 U5

Comment 2 Scott Dodson 2007-11-20 19:49:54 UTC

I should clarify, the warnings generated by the commands I ran are due me
running them on my laptop.

If I do the same on a RHEL5 machine I find the behavior described. To reproduce
this I am attempting to kickstart a machine running RHEL5 to RHEL4.5.

Comment 3 Brandon Perkins 2007-11-28 19:44:17 UTC

Based on the description, this is not a bug.  If you're kickstarting from RHEL5
or later to RHEL4 or earlier, you'll have to import the
RPM-GPG-KEY-redhat-former key:

# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-former 
# rpm -qa gpg-pubkey*
gpg-pubkey-db42a60e-37ea5438

At this point the packages will be considered to be signed correctly and will be
installed.

Comment 4 Shane Bradley 2007-12-07 17:48:26 UTC

I had same problem trying to go from rhel5 -> rhel4.

I did the key import above. However it failed with same error.
The only solution I found was to update to the latest package set on RHEL5.
I went from RHEL5u1 -> RHEL5u1current package set on rhn.

After the machine was updated, it then would kickstart to rhel4.