Bug 837776
Summary: | RFE: Mechanism to deploy GPG keys for new channels to existing RHEL system rpm databases | ||
---|---|---|---|
Product: | Red Hat Satellite 5 | Reporter: | riotintoti <michael.ferguson> |
Component: | Registration | Assignee: | Todd Warner <taw> |
Status: | CLOSED WONTFIX | QA Contact: | Red Hat Satellite QA List <satqe-list> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 541 | CC: | cperry |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-07-11 18:50:09 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 260381 |
Description
riotintoti
2012-07-05 08:44:51 UTC
Sadly, I cannot think of a good, sane, and secure process to do this. That would not open up potential security holes - where a user hacks Satellite and now has ability to install ANY package onto any managed system. Vs adding a layer of trust, by signing the custom RPM's with a GPG key that you keep secure. I'm sorry it is not 'easy' to do today, but the solution really is, to manually establish the GPG keys on established systems, for trusted gpg keys. (or automated/scripted deployments). As is today, I am going to decline this request. Cliff Hi Cliff, Am a little confused with the reasoning here, as this functionality already exists for kickstart deployed systems (Satellite already has a mechanism to store and deploy GPG keys to new systems). How is it any more of a security flaw for that mechanism to be extended to already registered systems (more specifically systems I want to subscribe to an additional channel)? Thanks, Michael |