1041772 – unable to install packages from a custom sha1-protected repo when using custom gpg singning

Bug 1041772 - unable to install packages from a custom sha1-protected repo when using custom gpg singning

Summary: unable to install packages from a custom sha1-protected repo when using custo...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Update Infrastructure for Cloud Providers
Classification:	Red Hat
Component:	RHUA
Sub Component:
Version:	2.1.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	John Matthews
QA Contact:	mkovacik
Docs Contact:
URL:	http://adminotes.blogspot.fr/2011/12/...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-12-12 19:15 UTC by mkovacik
Modified:	2013-12-13 16:17 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-12-13 16:17:22 UTC
Target Upstream Version:

Attachments	(Terms of Use)
screen log installing the custom signed package on a rhel 5 client (2.34 KB, text/plain) 2013-12-13 16:13 UTC, mkovacik	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description mkovacik 2013-12-12 19:15:23 UTC

Description of problem:
when creating a custom, SHA1-protected, gpg-signed repo in rhui (which happens to be on rhel6), signature header of version 4 is created what prevents RHEL5 client from installing:
  yum install -y package
  ...
  error: rpmts_HdrFromFdno: Header V4 RSA/SHA1 signature: BAD, key ID b6963d12

Version-Release number of selected component (if applicable):
2.1.3

How reproducible:
Always; happened in test plan.case #6606.110761

Steps to Reproduce:
1. in rhui-manager, create repo such as:
  ID:              r1
  Name:            r1
  Path:            r1
  Entitlement:     r1
  GPG Check        Yes
  Custom GPG Keys: '/root/public.key'
  Red Hat GPG Key: No
  protection: SHA1
2. upload custom content e.g. package.rpm
3. create client entitlement keys for the repo r1 and a client configuration rpm
4. install the configuration rpm on an RHEL5 client
5. yum install -y package.rpm

Actual results:
Error: rpmts_HdrFromFdno: Header V4 RSA/SHA1 signature: BAD, key ID XXXXXXX

Expected results:
Yum install works for the repo on rhel5 client

Additional info:
searching the internet, guys suggest using command switch
  gpg --force-v3-sigs
when signing rpms; see the bz url field

Comment 1 mkovacik 2013-12-13 16:13:09 UTC

Created attachment 836374 [details]
screen log installing the custom signed package on a rhel 5 client

QE test case issue; the custom package we use in the automation is signed with v4 header already

Comment 2 mkovacik 2013-12-13 16:17:22 UTC

closing based on Comment #1

Note You need to log in before you can comment on or make changes to this bug.