1213876 – spacewalk latest-client packages signed with GPG V4 key - CentOS 5 yum update fails

Bug 1213876 - spacewalk latest-client packages signed with GPG V4 key - CentOS 5 yum update fails

Summary: spacewalk latest-client packages signed with GPG V4 key - CentOS 5 yum update...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Spacewalk
Classification:	Community
Component:	Installation
Sub Component:
Version:	2.3
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Tomáš Kašpárek
QA Contact:	Red Hat Satellite QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	space27
TreeView+	depends on / blocked

Reported:	2015-04-21 13:22 UTC by Göran Törnqvist
Modified:	2017-09-28 18:10 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-03-03 12:24:47 UTC
Embargoed:

Attachments	(Terms of Use)

Description Göran Törnqvist 2015-04-21 13:22:23 UTC

Description of problem:
When trying to update CentOS-5 hosts with the latest client from http://yum.spacewalkproject.org/latest-client/RHEL/5/x86_64/ , example:
osad-5.11.57-1.el5.noarch.rpm , I get:
error: rpmts_HdrFromFdno: Header V4 RSA/SHA1 signature: BAD, key ID 066e5810

When comparing the signing key with the old versions I can see that it´s a different key.

osad-5.11.57-1.el5.noarch.rpm signing Key: 41605346066e5810
osad-5.11.43-1.el5.noarch.rpm signing Key: 0e646f68863a853d

So it looks like the GPG key has changed, is this intentional?

Version-Release number of selected component (if applicable):
RPMs with build date: 2015-03-25

How reproducible:
yum localupdate http://yum.spacewalkproject.org/latest-client/RHEL/5/x86_64/osad-5.11.57-1.el5.noarch.rpm

Actual results:

Expected results:

Additional info:

Comment 1 Göran Törnqvist 2015-04-22 06:30:49 UTC

So just to clarify :)
I know there´s a new key here:
http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk-2015
But even if I import it, it doesnt work - I guess it´s because CentOS-5 cannot handle GPG V4 which the RPMs are signed with...

rpm -v --checksig osad-5.11.57-1.el5.noarch.rpm
osad-5.11.57-1.el5.noarch.rpm:
    Header V4 RSA/SHA1 signature: BAD, key ID 066e5810
    Header SHA1 digest: OK (510f046268a4f61a923a45da35b0f4289a1919a2)
    V4 RSA/SHA1 signature: BAD, key ID 066e5810
    MD5 digest: OK (a66ce28020b37aa0f6d18f1764f1aa08)

Comment 2 Göran Törnqvist 2015-04-23 09:50:44 UTC

Aha, it may be due to this:

https://fedorahosted.org/spacewalk/wiki/ReleaseNotes23
Spacewalk 2.3 on RHEL 5 (CentOS 5)
Spacewalk is now no longer supported running on RHEL5/CentOS5

Comment 3 Jan Pazdziora 2015-05-04 07:58:28 UTC

(In reply to Göran Törnqvist from comment #2)
> Aha, it may be due to this:
> 
> https://fedorahosted.org/spacewalk/wiki/ReleaseNotes23
> Spacewalk 2.3 on RHEL 5 (CentOS 5)
> Spacewalk is now no longer supported running on RHEL5/CentOS5

That should not affect clients.

I believe the problem is now resolved, with

  https://www.redhat.com/archives/spacewalk-list/2015-April/msg00081.html

Could you please retry and see if you still hit the issue?

Comment 4 Göran Törnqvist 2015-05-04 11:32:54 UTC

Resynced my channels and all is working well now, thanks.

Comment 5 Tomáš Kašpárek 2017-03-03 12:24:47 UTC

closing according to comment#4

Comment 6 Eric Herget 2017-09-28 18:10:21 UTC

This BZ closed some time during 2.5, 2.6 or 2.7.  Adding to 2.7 tracking bug.

Note You need to log in before you can comment on or make changes to this bug.