Bug 530598

Summary: yum not downloading gpgkey from http:// url in "GPG key URL"
Product: [Community] Spacewalk Reporter: Josh Mullis <josh.mullis>
Component: WebUIAssignee: Michael Mráka <mmraka>
Status: CLOSED NOTABUG QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium Docs Contact:
Priority: low    
Version: 0.6CC: josh.mullis, mmraka, vvaldez
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-01-28 14:53:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 653453    

Description Josh Mullis 2009-10-23 16:49:43 UTC 
Description of problem:

In spacewalk channel properties, if a "file://" url is specified in the "GPG key URL" field, yum on the client automatically imports the key.

However if an "http://" url is specified in the field, yum does not automatically import.




Version-Release number of selected component (if applicable):

RHEL v5.2
Spacewalk v0.6.4-1




How reproducible:
Steps to Reproduce:
1. Remove your custom gpgkey from rpm db
2. Enter a valid http:// url (to a gpgkey that your rpms are signed with) in the "GPG key URL" field of the channel (containing your signed rpms) properties.

3. On a client registered with spacewalk and is entitled to this channel, attempt to download a package from the channel in question.



Actual results:
Public key for <package_name> is not installed




Expected results:

yum automatically downloads gpgkey from url.





Additional info:

This works if you have a /etc/yum.repo/reponame.repo with a...

"gpgkey=http://path_to_key"  in the file.





Many Thanks!
Comment 1 Josh Mullis 2009-10-23 16:54:36 UTC 
A custom gpgkey is what I'm using, but you can try this with any gpg key that is linked to any repository.

I tried it with linuxha gpgkey, with no luck.
Comment 2 Jan Pazdziora (Red Hat) 2010-11-19 16:04:51 UTC 
Mass-moving to space13.
Comment 3 Michael Mráka 2011-01-28 14:53:51 UTC 
Rhnplugin don't allow to import automatically other keys than file://etc/pki/rpm-gpg/* for security reason - checking packages downloaded over the net with key downloaded from the same source can be very easily man-in-the-middle attacked.

You have to create an rpm with custom keys similar to redhat-release, fedora-release or epel-release.