|Summary:||gpgkey field of repo files incorrect (on rhsm client machines)|
|Product:||Red Hat Enterprise Linux 5||Reporter:||Jeff Weiss <jweiss>|
|Component:||subscription-manager||Assignee:||Bryan Kearney <bkearney>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||IDM QE LIST <seceng-idm-qe-list>|
|Version:||5.7||CC:||bkearney, dajohnso, jsefler|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2012-12-10 21:42:48 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
|Bug Blocks:||715031, 771748|
Description Jeff Weiss 2011-09-26 14:11:29 UTC
Description of problem: Version-Release number of selected component (if applicable): katello-0.1.84-1.git.26.51fa1e1.fc14.noarch How reproducible: Steps to Reproduce: 1. Create a product/repo and sync it 2. Create an env in ACME_Corporation 3. Register with RHSM 3.5 (workaround) echo $YOURENVNAME > /etc/yum/vars/env 4. subscribe to the product Actual results: in /etc/yum.repos.d/redhat.repo, gpgkey = whatever you set "baseurl" to in /etc/rhsm/rhsm.conf Expected results: gpgkey = [something appended to the baseurl to point to an actual key] Additional info:
Comment 1 Dmitri Dolguikh 2011-09-29 10:58:54 UTC
this is an issue with subscription-manager. could you file it rhsm guys pls.?
Comment 2 Jeff Weiss 2011-09-29 12:20:47 UTC
Please do not mark bugs ON_QA or MODIFIED unless there is a commit that fixes the bug.
Comment 5 Jeff Weiss 2011-09-29 15:50:28 UTC
No, the issue is broader than that - yum fails because of missing gpg keys. I have no idea where the key is supposed to be, but it's certainly not in the location pointed to by the repo file produced by RHSM. I am not sure whether work needs to be done on katello or RHSM or both to get this link to work.
Comment 10 Jeff Weiss 2011-10-17 14:59:56 UTC
I'm not sure what the fix was, it appears that the gpgkey entry was simply removed from the repo file. I don't think that is not the correct solution - these packages are signed, the key needs to be there. I added the EPEL repo to katello and tried to install a package from it, I get Public key for p7zip-9.20.1-2.el6.x86_64.rpm is not installed I am not sure how we intend to handle these keys (will it be automatic or will we expect end users to import the keys via their own trusted mechanism?). We should figure this out before we close this bug. I would have expected the katello/pulp/cp stack to know where the key is and push that info to RHSM.
Comment 15 Bryan Kearney 2011-12-14 21:28:20 UTC
Looking back at the fix: If the gpg key is provided by katello, then it will show up in the yum repo file. if what is provied is a relative path, then it will be prepended with the baseurl from rhsm.conf. I would suggest retesting with custom products with no gpg keys, and with redhat content. -- bk
Comment 17 RHEL Product and Program Management 2012-09-17 14:58:51 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Comment 19 John Sefler 2012-10-23 20:47:20 UTC
Verifying version... Katello Version: 1.2.1-1.git.2.10b2e82.el6_3 [root@jsefler-rhel59 ~]# rpm -q subscription-manager python-rhsm subscription-manager-1.0.23-1.el5 python-rhsm-1.0.10-1.el5 Working with jweiss, two subscriptions were setup on the katello server: 1 containing content without a gpgkey 2 containing content requiring a gpgkey After subscribing... [root@jsefler-rhel59 ~]# grep baseurl /etc/rhsm/rhsm.conf baseurl=https://10-16-120-165.dhcp.rhq.lab.eng.bos.redhat.com/pulp/repos [root@jsefler-rhel59 ~]# cat /etc/yum.repos.d/redhat.repo # # Certificate-Based Repositories # Managed by (rhsm) subscription-manager # # If this file is empty and this system is subscribed consider # a "yum repolist" to refresh available repos # [ACME_Corporation_safari-1_0-1023-141300-229_safari-x86_64-1023-141300-229] name = safari-x86_64-1023-141300-229 baseurl = https://10-16-120-165.dhcp.rhq.lab.eng.bos.redhat.com/pulp/repos/ACME_Corporation/Development//custom/safari-1_0-1023-141300-229/safari-x86_64-1023-141300-229 enabled = 1 gpgcheck = 0 sslverify = 1 sslcacert = /etc/rhsm/ca/candlepin-local.pem sslclientkey = /etc/pki/entitlement/8348727650157286836-key.pem sslclientcert = /etc/pki/entitlement/8348727650157286836.pem [ACME_Corporation_Extra_Packages_epel-x86_64] name = epel-x86_64 baseurl = https://10-16-120-165.dhcp.rhq.lab.eng.bos.redhat.com/pulp/repos/ACME_Corporation/Development//custom/Extra_Packages/epel-x86_64 enabled = 1 gpgcheck = 1 gpgkey = https://10-16-120-165.dhcp.rhq.lab.eng.bos.redhat.com/katello/api/repositories/37/gpg_key_content sslverify = 1 sslcacert = /etc/rhsm/ca/candlepin-local.pem sslclientkey = /etc/pki/entitlement/8975838015483720818-key.pem sslclientcert = /etc/pki/entitlement/8975838015483720818.pem [root@jsefler-rhel59 ~]# For case 1: notice above that repo ACME_Corporation_safari-1_0-1023-141300-229_safari-x86_64-1023-141300-229 has no gpgkey entry and gpgcheck=0 VERIFIED For case 2: notice above that repo ACME_Corporation_Extra_Packages_epel-x86_64 has a gpgkey (not prepended with baseurl) and gpgcheck=1 as stated in comment 15. Moreover using wget on the gpgkey listed in the repo actually retrieves the gpgkey. Moving to VERIFIED
Comment 21 Bryan Kearney 2012-12-10 21:42:48 UTC
Bug clean up, these are in the current release.