Description of problem: As per bz 803428 comment22, when we associate a gpg-key with custom repo, then on subscribing a client to this repo, gpgcheck should be set to '1' in redhat.repo. But here its not the case. I associated a gpg key to custom repo and subscribed a client to it. But when I checked the redhat.repo, it was showing gpgcheck='0' [root@dhcp201-165 yum.repos.d]# cat redhat.repo # # Certificate-Based Repositories # Managed by (rhsm) subscription-manager # # If this file is empty and this system is subscribed consider # a "yum repolist" to refresh available repos # [sghai_rh_rhel6_3] name = rhel6.3 baseurl = https://cloud-qe-8.idm.lab.bos.redhat.com/pulp/repos/sghai/dev/pubcv3/custom/rh/rhel6_3 enabled = 1 gpgcheck = 0 sslverify = 1 sslcacert = /etc/rhsm/ca/candlepin-local.pem sslclientkey = /etc/pki/entitlement/3179518075718023597-key.pem sslclientcert = /etc/pki/entitlement/3179518075718023597.pem Can someone please explain what is expected here ? Version-Release number of selected component (if applicable): Server: ======= snap6 (MDP2) katello-candlepin-cert-key-pair-1.0-1.noarch katello-glue-candlepin-1.4.6-40.el6sat.noarch ruby193-rubygem-katello-foreman-engine-0.0.12-3.el6sat.noarch katello-certs-tools-1.4.4-1.el6sat.noarch katello-foreman-all-1.4.6-40.el6sat.noarch katello-configure-1.4.7-6.el6sat.noarch signo-katello-0.0.23-2.el6sat.noarch katello-glue-elasticsearch-1.4.6-40.el6sat.noarch katello-cli-1.4.3-24.el6sat.noarch katello-cli-common-1.4.3-24.el6sat.noarch katello-1.4.6-40.el6sat.noarch katello-all-1.4.6-40.el6sat.noarch katello-qpid-client-key-pair-1.0-1.noarch rubygem-hammer_cli_katello_bridge-0.0.6-2.el6sat.noarch ruby193-rubygem-katello_api-0.0.3-4.el6sat.noarch katello-common-1.4.6-40.el6sat.noarch katello-glue-pulp-1.4.6-40.el6sat.noarch katello-qpid-broker-key-pair-1.0-1.noarch katello-selinux-1.4.4-4.el6sat.noarch pulp-katello-plugins-0.2-1.el6sat.noarch katello-configure-foreman-1.4.7-6.el6sat.noarch ruby193-rubygem-foreman-katello-engine-0.0.17-6.el6sat.noarch Client: ====== [root@dhcp201-165 yum.repos.d]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.3 (Santiago) [root@dhcp201-165 yum.repos.d]# rpm -qa | grep katello-agent katello-agent-1.4.4-3.el6sat.noarch [root@dhcp201-165 yum.repos.d]# rpm -qa | grep subscription-manager subscription-manager-0.99.19-1.el6.x86_64 [root@dhcp201-165 yum.repos.d]# How reproducible: always Steps to Reproduce: 1. register a client with server and subscribe it to a custom repo which should be associated with correct gpg key 2. 3. Actual results: gpgcheck value in redhat.repo is set to '0' Expected results: It should be '1' when gpg-key is associated with created custom repo Additional info:
With the fix that is in place for bug 1099016, this issue appears to be resolved. In order to ensure that this bug goes through verfication, I'll leave this bug open vs marking as a duplicate. The following is an example of the redhat.repo for a custom repo that had a gpgkey defined: [ACME_Corporation_zoo_zoo] name = zoo baseurl = https://fortello.devel/pulp/repos/ACME_Corporation/Library/custom/zoo/zoo enabled = 1 gpgcheck = 1 gpgkey = https://fortello.devel/katello/api/repositories/17/gpg_key_content sslverify = 1 sslcacert = /etc/rhsm/ca/candlepin-local.pem sslclientkey = /etc/pki/entitlement/724184414802266682-key.pem sslclientcert = /etc/pki/entitlement/724184414802266682.pem
Verified with sat6 beta snap10 when we associate gpg-key to custom repo then its set to '1' in redhat.repo on client. [root@shost yum.repos.d]# yum repolist Loaded plugins: package_upload, product-id, security, subscription-manager This system is receiving updates from Red Hat Subscription Management. ACME_Corporation_fake_zoo | 2.1 kB 00:00 ACME_Corporation_fake_zoo/primary | 3.7 kB 00:00 ACME_Corporation_fake_zoo 32/32 repo id repo name status ACME_Corporation_fake_zoo zoo 32 repolist: 32 [root@shost yum.repos.d]# cat redhat.repo # # Certificate-Based Repositories # Managed by (rhsm) subscription-manager # # If this file is empty and this system is subscribed consider # a "yum repolist" to refresh available repos # [ACME_Corporation_fake_zoo] name = zoo baseurl = https://dhcp207-55.lab.eng.pnq.redhat.com/pulp/repos/ACME_Corporation/Library/custom/fake/zoo enabled = 1 gpgcheck = 1 gpgkey = https://dhcp207-55.lab.eng.pnq.redhat.com/katello/api/repositories/11/gpg_key_content sslverify = 1 sslcacert = /etc/rhsm/ca/candlepin-local.pem sslclientkey = /etc/pki/entitlement/752459387118277068-key.pem sslclientcert = /etc/pki/entitlement/752459387118277068.pem [root@shost yum.repos.d]# yum install cow Loaded plugins: package_upload, product-id, security, subscription-manager This system is receiving updates from Red Hat Subscription Management. ACME_Corporation_fake_zoo | 2.1 kB 00:00 Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package cow.noarch 0:2.2-3 will be installed --> Finished Dependency Resolution Dependencies Resolved ====================================================================================================================================================== Package Arch Version Repository Size ====================================================================================================================================================== Installing: cow noarch 2.2-3 ACME_Corporation_fake_zoo 2.4 k Transaction Summary ====================================================================================================================================================== Install 1 Package(s) Total download size: 2.4 k Installed size: 42 Is this ok [y/N]: y Downloading Packages: cow-2.2-3.noarch.rpm | 2.4 kB 00:00 warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID f78fb195: NOKEY Retrieving key from https://dhcp207-55.lab.eng.pnq.redhat.com/katello/api/repositories/11/gpg_key_content Importing GPG key 0xF78FB195: Userid: "Dummy Packages Generator <admin.com>" From : https://dhcp207-55.lab.eng.pnq.redhat.com/katello/api/repositories/11/gpg_key_content Is this ok [y/N]: y Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : cow-2.2-3.noarch 1/1 Uploading Package Profile Verifying : cow-2.2-3.noarch 1/1 Installed: cow.noarch 0:2.2-3 Complete!
This was delivered with 6.0.3, which is the Satellite 6 Beta.
This was delivered in 6.0.3, the Beta version of Satellite 6.0