Bug 842827
Summary: | Gpg checking issue with custom contents
---|---
Product: | Red Hat Update Infrastructure for Cloud Providers
Component: | RHUA
Version: | 2.1
Status: | CLOSED ERRATA
Severity: | unspecified
Priority: | high
Hardware: | Unspecified
OS: | Unspecified
Reporter: | mkovacik
Assignee: | mkovacik
QA Contact: | mkovacik
CC: | jslagle, snansi, tsanders, whayutin
Doc Type: | Bug Fix
Doc Text: | This update of Red Hat Update Infrastructure now allows you to turn on gpg signature checking for content in a custom repository.
Last Closed: | 2012-08-24 11:55:37 UTC
Type: | Bug
committed to cloude 532dcf887a2674efeb57702267459f2806dd94c4 9b40c5c950373e8a0e1ed4d83964daf9a2c9f095

Created attachment 601741
Screen capture showing repository info

Created attachment 601742
Screen capture showing custom repo creation

I've attached 2 screen captures. One shows the new workflow for custom repo creation and the other shows the new information that is displayed on the repo info screen.

These are the changes to the custom repo creation workflow:

You're now asked if you want gpg signature turned on for content in a custom repository. If you answer yes, gpgcheck=1 will be set in the repo config generated for that custom repository.

If you answered yes to gpg checking, you're asked if the content will be signed by Red Hat. Answering yes to this will include the path to Red Hat's public gpg key in the repo config under gpgkey.

If you answered yes to gpg checking (and after the Red Hat gpg prompt), you're asked if the content will be signed by a custom gpg key. Answering yes to this will prompt for a path to a public gpg key to include in the repo config under gpgkey.

After entering a public gpg key path, you're asked a y/n prompt if you want to enter another key. You can continue entering as many keys as you want.

Some notes:

You're never prompted for a private gpg key. It is still up to the customer to sign any of their custom rpm's or generated client configuration rpm's with their private gpg key(s) before uploading them to a custom repository in RHUI.

When rpm's are uploaded to a custom repository, there's no verification that they're signed by the gpg keys that they're supposed to be signed with. That doesn't happen until a client actually tries to install one of the rpm's.

*** Bug 845013 has been marked as a duplicate of this bug. ***

Created attachment 602745
Verifying screen log
Verified in build: RHEL-6.3-RHUI-2.1-20120801.0-Server-x86_64-DVD1.iso
Now custom protected repos do not require GPG signature checking upon content installation anymore. See the screen log attached.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
This update of Red Hat Update Infrastructure now allows you to turn on gpg signature checking for content in a custom repository.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-1205.html
Created attachment 600071
Screen log

Description of problem:
Gpg checking is required for all custom repositories and contents but Red Hat fingerprint is deployed in the client repo file.

Version-Release number of selected component (if applicable):
2.0.x, RHEL-6.3-RHUI-2.1-20120705.0-Server-x86_64-DVD1.iso

How reproducible:
Always

Steps to Reproduce:
1. create custom repository
2. upload custom contents __not signed by Red Hat__
3. create client contents entitlement and configuration rpm
4. deploy the configuration and try to install the custom contents
5. gpg issue is reported

Expected results:
No gpg issues with deploying custom contents either signed or not

Additional info:
See the screen log attached (of a recent 2.1 build)
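Added example, not part of the bug report or of RHUI's code: a small audit of a client repo file for the two conditions discussed in this bug, a custom repo with gpgcheck on whose gpgkey list lacks the key the content is actually signed with, and a repo with gpgcheck off (where, since RHUI does not check signatures at upload, nothing ever verifies them). The repo ids, the custom key path and the `signing_key` mapping are assumptions made for the illustration; the Red Hat key path is the usual RHEL location, assumed here to be what the generated config points at.

```python
import configparser

# Constructed sample of a client repo file, trimmed to the GPG-related
# options. Repo ids and the custom key path are made up for this example.
RH_KEY = "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
CUSTOM_KEY = "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-custom"
SAMPLE_REPO = f"""\
[custom-ok]
gpgcheck=1
gpgkey={RH_KEY}
       {CUSTOM_KEY}

[custom-redhat-key-only]
gpgcheck=1
gpgkey={RH_KEY}

[custom-no-key]
gpgcheck=1

[custom-unchecked]
gpgcheck=0
"""


def audit_repo_config(text, signing_key):
    """Map repo id -> findings; signing_key maps repo id -> signer's key URL."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    report = {}
    for repo_id in parser.sections():
        repo = parser[repo_id]
        findings = []
        gpgcheck = repo.get("gpgcheck", "").strip().lower()
        keys = repo.get("gpgkey", "").split()  # several key URLs are allowed
        if gpgcheck not in ("1", "yes", "true"):
            # Unset is treated as off here; yum would inherit yum.conf [main].
            findings.append("gpgcheck not enabled: signatures never verified")
        elif not keys:
            findings.append("gpgcheck on but no gpgkey listed")
        elif repo_id in signing_key and signing_key[repo_id] not in keys:
            findings.append("signing key missing from gpgkey: install will fail")
        report[repo_id] = findings
    return report


if __name__ == "__main__":
    signers = {"custom-ok": CUSTOM_KEY, "custom-redhat-key-only": CUSTOM_KEY}
    for repo_id, findings in audit_repo_config(SAMPLE_REPO, signers).items():
        print(repo_id, findings or "ok")
```

The `custom-redhat-key-only` case is the situation in the description: checking is on, but only Red Hat's key is deployed for content signed with another key.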