1022462 – gpgcheck always set to '0' for custom repo, even after associating gpg-keys with it

Bug 1022462 - gpgcheck always set to '0' for custom repo, even after associating gpg-keys with it

Summary: gpgcheck always set to '0' for custom repo, even after associating gpg-keys w...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Content Management
Sub Component:
Version:	6.0.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	Unspecified
Assignee:	Brad Buckingham
QA Contact:	Sachin Ghai
Docs Contact:
URL:
Whiteboard:
Depends On:	1099016
Blocks:	828909
TreeView+	depends on / blocked

Reported:	2013-10-23 10:41 UTC by Sachin Ghai
Modified:	2019-09-26 17:42 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-07-02 14:08:18 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Sachin Ghai 2013-10-23 10:41:23 UTC

Description of problem:
As per bz 803428 comment22, when we associate a gpg-key with custom repo, then on subscribing a client to this repo, gpgcheck should be set to '1' in redhat.repo. But here its not the case.

I associated a gpg key to custom repo and subscribed a client to it. But when I checked the redhat.repo, it was showing gpgcheck='0'

[root@dhcp201-165 yum.repos.d]# cat redhat.repo 
#
# Certificate-Based Repositories
# Managed by (rhsm) subscription-manager
#
# If this file is empty and this system is subscribed consider 
# a "yum repolist" to refresh available repos
#

[sghai_rh_rhel6_3]
name = rhel6.3
baseurl = https://cloud-qe-8.idm.lab.bos.redhat.com/pulp/repos/sghai/dev/pubcv3/custom/rh/rhel6_3
enabled = 1
gpgcheck = 0
sslverify = 1
sslcacert = /etc/rhsm/ca/candlepin-local.pem
sslclientkey = /etc/pki/entitlement/3179518075718023597-key.pem
sslclientcert = /etc/pki/entitlement/3179518075718023597.pem

Can someone please explain what is expected here ?

Version-Release number of selected component (if applicable):
Server:
=======
snap6 (MDP2)
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-glue-candlepin-1.4.6-40.el6sat.noarch
ruby193-rubygem-katello-foreman-engine-0.0.12-3.el6sat.noarch
katello-certs-tools-1.4.4-1.el6sat.noarch
katello-foreman-all-1.4.6-40.el6sat.noarch
katello-configure-1.4.7-6.el6sat.noarch
signo-katello-0.0.23-2.el6sat.noarch
katello-glue-elasticsearch-1.4.6-40.el6sat.noarch
katello-cli-1.4.3-24.el6sat.noarch
katello-cli-common-1.4.3-24.el6sat.noarch
katello-1.4.6-40.el6sat.noarch
katello-all-1.4.6-40.el6sat.noarch
katello-qpid-client-key-pair-1.0-1.noarch
rubygem-hammer_cli_katello_bridge-0.0.6-2.el6sat.noarch
ruby193-rubygem-katello_api-0.0.3-4.el6sat.noarch
katello-common-1.4.6-40.el6sat.noarch
katello-glue-pulp-1.4.6-40.el6sat.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
katello-selinux-1.4.4-4.el6sat.noarch
pulp-katello-plugins-0.2-1.el6sat.noarch
katello-configure-foreman-1.4.7-6.el6sat.noarch
ruby193-rubygem-foreman-katello-engine-0.0.17-6.el6sat.noarch


Client:
======
[root@dhcp201-165 yum.repos.d]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.3 (Santiago)
[root@dhcp201-165 yum.repos.d]# rpm -qa | grep katello-agent
katello-agent-1.4.4-3.el6sat.noarch
[root@dhcp201-165 yum.repos.d]# rpm -qa | grep subscription-manager
subscription-manager-0.99.19-1.el6.x86_64
[root@dhcp201-165 yum.repos.d]# 

How reproducible:
always

Steps to Reproduce:
1. register a client with server and subscribe it to a custom repo which should be associated with correct gpg key
2.
3.

Actual results:
gpgcheck value in redhat.repo is set to '0'


Expected results:
It should be '1' when gpg-key is associated with created custom repo


Additional info:

Comment 2 Brad Buckingham 2014-06-17 14:34:42 UTC

With the fix that is in place for bug 1099016, this issue appears to be resolved.  In order to ensure that this bug goes through verfication, I'll leave this bug open vs marking as a duplicate.

The following is an example of the redhat.repo for a custom repo that had a gpgkey defined:

[ACME_Corporation_zoo_zoo]
name = zoo
baseurl = https://fortello.devel/pulp/repos/ACME_Corporation/Library/custom/zoo/zoo
enabled = 1
gpgcheck = 1
gpgkey = https://fortello.devel/katello/api/repositories/17/gpg_key_content
sslverify = 1
sslcacert = /etc/rhsm/ca/candlepin-local.pem
sslclientkey = /etc/pki/entitlement/724184414802266682-key.pem
sslclientcert = /etc/pki/entitlement/724184414802266682.pem

Comment 5 Sachin Ghai 2014-06-19 12:10:06 UTC

Verified with sat6 beta snap10

when we associate gpg-key to custom repo then its set to '1' in redhat.repo on client.

[root@shost yum.repos.d]# yum repolist
Loaded plugins: package_upload, product-id, security, subscription-manager
This system is receiving updates from Red Hat Subscription Management.
ACME_Corporation_fake_zoo                                                                                                      | 2.1 kB     00:00     
ACME_Corporation_fake_zoo/primary                                                                                              | 3.7 kB     00:00     
ACME_Corporation_fake_zoo                                                                                                                       32/32
repo id                                                                            repo name                                                    status
ACME_Corporation_fake_zoo                                                          zoo                                                          32
repolist: 32


[root@shost yum.repos.d]# cat redhat.repo 
#
# Certificate-Based Repositories
# Managed by (rhsm) subscription-manager
#
# If this file is empty and this system is subscribed consider 
# a "yum repolist" to refresh available repos
#

[ACME_Corporation_fake_zoo]
name = zoo
baseurl = https://dhcp207-55.lab.eng.pnq.redhat.com/pulp/repos/ACME_Corporation/Library/custom/fake/zoo
enabled = 1
gpgcheck = 1
gpgkey = https://dhcp207-55.lab.eng.pnq.redhat.com/katello/api/repositories/11/gpg_key_content
sslverify = 1
sslcacert = /etc/rhsm/ca/candlepin-local.pem
sslclientkey = /etc/pki/entitlement/752459387118277068-key.pem
sslclientcert = /etc/pki/entitlement/752459387118277068.pem


[root@shost yum.repos.d]# yum install cow
Loaded plugins: package_upload, product-id, security, subscription-manager
This system is receiving updates from Red Hat Subscription Management.
ACME_Corporation_fake_zoo                                                                                                      | 2.1 kB     00:00     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package cow.noarch 0:2.2-3 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package                      Arch                            Version                        Repository                                          Size
======================================================================================================================================================
Installing:
 cow                          noarch                          2.2-3                          ACME_Corporation_fake_zoo                          2.4 k

Transaction Summary
======================================================================================================================================================
Install       1 Package(s)

Total download size: 2.4 k
Installed size: 42  
Is this ok [y/N]: y
Downloading Packages:
cow-2.2-3.noarch.rpm                                                                                                           | 2.4 kB     00:00     
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID f78fb195: NOKEY
Retrieving key from https://dhcp207-55.lab.eng.pnq.redhat.com/katello/api/repositories/11/gpg_key_content
Importing GPG key 0xF78FB195:
 Userid: "Dummy Packages Generator <admin.com>"
 From  : https://dhcp207-55.lab.eng.pnq.redhat.com/katello/api/repositories/11/gpg_key_content
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : cow-2.2-3.noarch                                                                                                                   1/1 
Uploading Package Profile
  Verifying  : cow-2.2-3.noarch                                                                                                                   1/1 

Installed:
  cow.noarch 0:2.2-3                                                                                                                                  

Complete!

Comment 6 Bryan Kearney 2014-07-02 14:08:18 UTC

This was delivered with 6.0.3, which is the Satellite 6 Beta.

Comment 7 Bryan Kearney 2014-07-02 14:09:38 UTC

This was delivered in 6.0.3, the Beta version of Satellite 6.0

Note You need to log in before you can comment on or make changes to this bug.