Bug 607673

Summary: No GPG key installation offer for custom channels
Product: Red Hat Satellite 5
Reporter: Garik Khachikyan <gkhachik>
Component: Client
Assignee: Michael Mráka <mmraka>
Status: CLOSED NOTABUG
QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium
Priority: low
Version: 530
CC: cperry, mkoci
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2010-09-23 21:59:05 UTC
Bug Blocks: 462714    
Attachments: Custom channel with GPG info (flags: none)

Description Garik Khachikyan 2010-06-24 14:39:59 UTC
Description of problem:
Under my Satellite 530 I made a GPG key and prepared a custom channel specifying details of that GPG key in the "Security: GPG" section (during creation of the custom channel).
The client systems which are connecting to the channel for first-time package installation are failing with:
---
Public key for <package_name> is not installed
---

Version-Release number of selected component (if applicable):
yum-rhn-plugin-0.5.4-13
yum-3.2.22-20

How reproducible:
Always

Steps to Reproduce:
1. make a GPG key (gpg --gen-key)
2. Export the public key to /root/RPM-GKHACHIK-KEY (gpg --armor --output ...)
3. Take any unsigned package and sign it by that key
4. Make a custom channel and specify the GPG settings of that key in the "Security: GPG" section
5. rhnpush that signed package to that channel
6. Register and assign a client system to that custom channel (do NOT import that GPG key into the rpm db)
7. Try to make a yum install of that package.

Actual results:
yum install fails with: 
---
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 13a11846
Public key for rhn-upgrade-5.3.0.24-1.el5sat.noarch.rpm is not installed
---

Expected results:
Package should get installed AND the public key should be offered to be imported.

Additional info:
Screenshot with the custom channel settings is attached.

Comment 1 Garik Khachikyan 2010-06-24 14:40:27 UTC
Created attachment 426600
Custom channel with GPG info

Comment 2 Michael Mráka 2010-06-28 10:08:33 UTC
rpm gpg keys have to be in /etc/pki/rpm-gpg/.

Comment 3 Garik Khachikyan 2010-06-28 10:32:52 UTC
# COMMENT

Yeah, but I have defined the "GPG key URL" - it does not matter?

Comment 4 Michael Mráka 2010-06-28 11:16:53 UTC
It does matter but yum-rhn-client blocks gpg keys for satellite/hosted managed repos other than from /etc/pki/rpm-gpg/.

Comment 5 Garik Khachikyan 2010-06-28 12:58:44 UTC
# COMMENT

I copied the server-side GPG key to the /rpm/etc/rpm-gpg/ but now it complains with:
---
GPG key retrieval failed: [Errno 5] OSError: [Errno 2] No such file or directory: '/etc/pki/rpm-gpg/RPM-GKHACHIK-KEY'

It's thrown due to yum install <my_package_name> in the client system.

Comment 7 Garik Khachikyan 2010-06-28 13:08:37 UTC
(In reply to comment #5)
> # COMMENT
> 
> I did copied the server-side GPG key to the /rpm/etc/rpm-gpg/ but now it
> complains with:
> ---
> GPG key retrieval failed: [Errno 5] OSError: [Errno 2] No such file or
> directory: '/etc/pki/rpm-gpg/RPM-GKHACHIK-KEY'
> 
> It's thrown due to yum install <my_package_name> in the client system.    

Correction: on server-side the copy was made to: /etc/pki/rpm-gpg/

Comment 8 Garik Khachikyan 2010-06-28 13:38:18 UTC
# COMMENT

So, if I have the server's GPG public key installed on the client side (rpm --import <RPM-GPG-KEY>), then the yum install of the package works.

If there is no other possible way of retrieving, getting that key installed automatically (like for RPM-GPG-KEY-redhat-release) - then please close this "issue".

Otherwise: would be nice to see it fixed in a way to get the key automatically installed by yum client and be continued with package installation.

thanks.

Comment 9 Michael Mráka 2010-09-23 21:59:05 UTC
The GPG key has to be installed on the client in the /etc/pki/rpm-gpg/ directory.
It can't be downloaded from another machine (e.g. satellite) for security reasons.
See bug 213031.

Closing.
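
A client-side preflight for the rule stated in comments 4 and 9, as an added example that is not part of the bug report and not yum-rhn-plugin's code: it accepts a channel GPG key URL only if it names a file directly inside /etc/pki/rpm-gpg/, and it pulls the key ID out of the NOKEY warning. The function names, the file:// URL form and the satellite.example.com host used when exercising it are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not yum-rhn-plugin code. Models the rule from comments 4
# and 9: a channel's GPG key URL is usable only if it points at a local
# file directly inside /etc/pki/rpm-gpg/ (never fetched from another host).

KEYDIR=/etc/pki/rpm-gpg   # directory named in the thread

# gpgkey_url_allowed URL -> exit 0 if URL is file://$KEYDIR/<plain file name>
gpgkey_url_allowed() {
    case "$1" in
        "file://$KEYDIR/"*) name=${1#"file://$KEYDIR/"} ;;
        *) return 1 ;;              # http://, https://, ftp://, other directories
    esac
    case "$name" in
        ""|*/*|.|..) return 1 ;;    # empty name, subdirectory or ../ traversal
    esac
    return 0
}

# nokey_id LINE -> prints the key ID from an rpm "NOKEY" warning, or nothing
nokey_id() {
    printf '%s\n' "$1" |
        sed -n 's/.*NOKEY, key ID \([0-9A-Fa-f]\{8,16\}\).*/\1/p'
}

# preflight URL WARNING -> one-line verdict for the administrator
preflight() {
    id=$(nokey_id "$2")
    if ! gpgkey_url_allowed "$1"; then
        echo "rejected: $1 is not a file under $KEYDIR"
    elif [ -n "$id" ]; then
        # NOKEY means the signing key is absent from the client's rpm db
        echo "missing: key $id not in rpm db; rpm --import ${1#file://}"
    else
        echo "ok"
    fi
}
```

Calling `preflight` with the channel's GPG key URL and the warning line from the failed `yum install` tells the administrator whether the URL itself will be refused or whether the key only needs to be imported on the client.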