| Summary: | gpgcheck for repo metadata is ignored | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Adrian Likins <alikins> |
| Component: | subscription-manager | Assignee: | Devan Goodwin <dgoodwin> |
| Status: | CLOSED ERRATA | QA Contact: | Entitlement Bugs <entitlement-bugs> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.3 | CC: | dgoodwin, jsefler, mstead |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-06-20 13:08:10 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 738066, 803428 | ||
Description
Adrian Likins
2012-03-21 20:16:44 UTC
Whoever picks this up should double check on the OID, I can't find one for gpgcheck. I see enabled just below GPG key but I believe that is repo enabled, not GPG enabled. Suggestion from other thread is to see if we can assume empty GPG key URL implies gpgcheck disabled and consider the problem solved.

Fixed in subscription-manager.git 6381e7c041b9822cbebb526ebb374c65dde615f3

Will appear in subscription-manager-0.99.12-1.

Verifying Version....
[root@jsefler-r63-server ~]# rpm -q subscription-manager
subscription-manager-0.99.14-1.el6.x86_64
To test this bug, the following content with gpg_url=null and gpg_url="" was added to the test_data.json that is used to deploy candlepin with TESTDATA and the content was included in the "Awesome OS Server Bits" product.
{
"name": "content-nogpg",
"id": 234,
"label": "content-label-no-gpg",
"type": "yum",
"vendor": "test-vendor",
"content_url": "/foo/path",
"metadata_expire": 0
},
{
"name": "content-emptygpg",
"id": 235,
"label": "content-label-empty-gpg",
"type": "yum",
"vendor": "test-vendor",
"content_url": "/foo/path",
"gpg_url": "",
"metadata_expire": 0
},
After re-deploying the candlepin server with the data above, I registered a client and consumed the entitlements as shown below...
[root@jsefler-r63-server ~]# subscription-manager register --username testuser1 --password password --org admin
The system has been registered with id: f2afc97e-f745-4d8f-84ae-512401cb3d5f
[root@jsefler-r63-server ~]# subscription-manager list --avail | grep awesomeos-server-basic -A1
Product Id: awesomeos-server-basic
Pool Id: 8a90f81436bc924b0136bc9341a80264
--
Product Id: awesomeos-server-basic
Pool Id: 8a90f81436bc924b0136bc9341e00272
--
Product Id: awesomeos-server-basic-me
Pool Id: 8a90f81436bc924b0136bc93429a028c
--
Product Id: awesomeos-server-basic-me
Pool Id: 8a90f81436bc924b0136bc9342c10299
[root@jsefler-r63-server ~]# subscription-manager subscribe --pool 8a90f81436bc924b0136bc9341a80264
Successfully consumed a subscription from the pool with id 8a90f81436bc924b0136bc9341a80264.
[root@jsefler-r63-server ~]# yum repolist 2>/dev/null
Loaded plugins: product-id, refresh-packagekit, security, subscription-
: manager
Updating certificate-based repositories.
repo id repo name status
always-enabled-content always-enabled-content 0
content-label content 0
content-label-empty-gpg content-emptygpg 0
content-label-no-gpg content-nogpg 0
repolist: 0
[root@jsefler-r63-server ~]#
[root@jsefler-r63-server ~]# cat /etc/yum.repos.d/redhat.repo
#
# Certificate-Based Repositories
# Managed by (rhsm) subscription-manager
#
# If this file is empty and this system is subscribed consider
# a "yum repolist" to refresh available repos
#
[content-label-empty-gpg]
name = content-emptygpg
baseurl = https://cdn.redhat.com/foo/path
enabled = 1
gpgcheck = 0
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/5246619256293308175-key.pem
sslclientcert = /etc/pki/entitlement/5246619256293308175.pem
metadata_expire = 0
[content-label]
name = content
baseurl = https://cdn.redhat.com/foo/path
enabled = 1
gpgcheck = 1
gpgkey = https://cdn.redhat.com/foo/path/gpg/
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/5246619256293308175-key.pem
sslclientcert = /etc/pki/entitlement/5246619256293308175.pem
metadata_expire = 0
[content-label-no-gpg]
name = content-nogpg
baseurl = https://cdn.redhat.com/foo/path
enabled = 1
gpgcheck = 0
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/5246619256293308175-key.pem
sslclientcert = /etc/pki/entitlement/5246619256293308175.pem
metadata_expire = 0
[always-enabled-content]
name = always-enabled-content
baseurl = https://cdn.redhat.com/foo/path/always/$releasever
enabled = 1
gpgcheck = 1
gpgkey = https://cdn.redhat.com/foo/path/always/gpg
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/5246619256293308175-key.pem
sslclientcert = /etc/pki/entitlement/5246619256293308175.pem
metadata_expire = 200
[never-enabled-content]
name = never-enabled-content
baseurl = https://cdn.redhat.com/foo/path/never
enabled = 0
gpgcheck = 1
gpgkey = https://cdn.redhat.com/foo/path/never/gpg
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/5246619256293308175-key.pem
sslclientcert = /etc/pki/entitlement/5246619256293308175.pem
metadata_expire = 600
[root@jsefler-r63-server ~]#
Notice in the yum redhat.repo above that gpgcheck is now set to 0 for content-label-no-gpg and content-label-empty-gpg where there is no gpgkey since there was no gpg_url in the content namespace.
Moving to VERIFIED
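The verification above relies on reading redhat.repo by eye. As an added example (not part of the original bug report or of subscription-manager), the same check can be scripted: it flags stanzas where gpgcheck and gpgkey disagree, and enabled repos that install packages without signature checks. The `hypothetical-broken` stanza and the function name `audit_repo_text` are assumptions made for illustration.

```python
import configparser

# Constructed sample: two stanzas trimmed from the redhat.repo above, plus one
# hypothetical inconsistent stanza (gpgcheck on, but no gpgkey to check against).
SAMPLE_REPO = """\
[content-label-empty-gpg]
baseurl = https://cdn.redhat.com/foo/path
enabled = 1
gpgcheck = 0

[content-label]
baseurl = https://cdn.redhat.com/foo/path
enabled = 1
gpgcheck = 1
gpgkey = https://cdn.redhat.com/foo/path/gpg/

[hypothetical-broken]
baseurl = https://cdn.redhat.com/foo/path
enabled = 1
gpgcheck = 1
"""


def audit_repo_text(text):
    """Return {repo_id: finding} for stanzas whose GPG settings need review."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = {}
    for repo_id in parser.sections():
        repo = parser[repo_id]
        enabled = repo.get("enabled", fallback="1").strip() == "1"
        # Assumption: a stanza without gpgcheck is treated as unchecked here;
        # yum itself would fall back to the [main] setting in yum.conf.
        gpgcheck = repo.get("gpgcheck", fallback="0").strip() == "1"
        has_key = bool(repo.get("gpgkey", fallback="").strip())
        if gpgcheck and not has_key:
            findings[repo_id] = "gpgcheck=1 but no gpgkey"
        elif has_key and not gpgcheck:
            findings[repo_id] = "gpgkey set but gpgcheck=0"
        elif enabled and not gpgcheck:
            findings[repo_id] = "enabled with package signature checks off"
    return findings


if __name__ == "__main__":
    for repo_id, finding in sorted(audit_repo_text(SAMPLE_REPO).items()):
        print(f"{repo_id}: {finding}")
```

On a real system, pass the contents of /etc/yum.repos.d/redhat.repo to `audit_repo_text` instead of the constructed sample.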
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0804.html