Bug 1248449 - Package install from custom-repo on client failed as public-key for packages was not installed though key was associated to custom repo
Package install from custom-repo on client failed as public-key for packages ...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Other (Show other bugs)
6.1.0
Unspecified Unspecified
unspecified Severity high (vote)
: Unspecified
: --
Assigned To: Eric Helms
Sachin Ghai
http://projects.theforeman.org/issues...
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-07-30 06:30 EDT by Sachin Ghai
Modified: 2017-02-23 14:48 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-12 12:05:03 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Foreman Issue Tracker 11262 None None None 2016-04-22 11:53 EDT

  None (edit)
Description Sachin Ghai 2015-07-30 06:30:37 EDT
Description of problem:
I upgraded my setup from sat6.0.8 -> sat6.1.1 GA snap15 on rhel71. Upgrade was completed successfully.

I provisioned a rhel71 client and tried to install a package from custom repo. The package install failed with error:

---
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7Server/Default_Organization_fake_zoo/packages/cow-2.2-3.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID f78fb195: NOKEY
Public key for cow-2.2-3.noarch.rpm is not installed
cow-2.2-3.noarch.rpm                                                                                                           | 2.4 kB  00:00:00     


Public key for cow-2.2-3.noarch.rpm is not installed
-----

Version-Release number of selected component (if applicable):
upgraded my setup from sat6.0.8 -> sat6.1.1 GA snap15 on rhel71.

How reproducible:
always

Steps to Reproduce:
1. upgraded my setup from sat6.0.8 -> sat6.1.1 GA snap15 on rhel71.
2. a custom repo is already created there and gpg-key is associated with that.
3.

Actual results:
package install failed with:

Public key for cow-2.2-3.noarch.rpm is not installed

Expected results:  while installing package GPG-key should also be retrieved.


Additional info:
I'm not sure if its upgrade related. But issue I'm facing on upgraded setup. thanks.
Comment 1 Sachin Ghai 2015-07-30 06:31:20 EDT
[root@shost ~]# yum repolist
Loaded plugins: package_upload, product-id, subscription-manager
Default_Organization_RHEL7_RHEL7_x86_64                                                                                        | 2.5 kB  00:00:00     
Default_Organization_fake_zoo                                                                                                  | 2.1 kB  00:00:00     
Default_Organization_sat61-tools_sat61-tools-rhel71                                                                            | 2.1 kB  00:00:00     
(1/9): Default_Organization_RHEL7_RHEL7_x86_64/group                                                                           | 505 kB  00:00:00     
(2/9): Default_Organization_RHEL7_RHEL7_x86_64/updateinfo                                                                      |   93 B  00:00:00     
(3/9): Default_Organization_RHEL7_RHEL7_x86_64/primary                                                                         | 1.6 MB  00:00:00     
(4/9): Default_Organization_fake_zoo/group                                                                                     | 1.7 kB  00:00:00     
(5/9): Default_Organization_fake_zoo/updateinfo                                                                                |  572 B  00:00:00     
(6/9): Default_Organization_fake_zoo/primary                                                                                   | 3.6 kB  00:00:00     
(7/9): Default_Organization_sat61-tools_sat61-tools-rhel71/updateinfo                                                          |   93 B  00:00:00     
(8/9): Default_Organization_sat61-tools_sat61-tools-rhel71/group                                                               | 1.1 kB  00:00:00     
(9/9): Default_Organization_sat61-tools_sat61-tools-rhel71/primary                                                             |  15 kB  00:00:00     
Default_Organization_RHEL7_RHEL7_x86_64                                                                                                     4371/4371
Default_Organization_fake_zoo                                                                                                                   32/32
Default_Organization_sat61-tools_sat61-tools-rhel71                                                                                             53/53
repo id                                                                                  repo name                                              status
!Default_Organization_RHEL7_RHEL7_x86_64                                                 RHEL7_x86_64                                           4,371
!Default_Organization_fake_zoo                                                           zoo                                                       32
!Default_Organization_sat61-tools_sat61-tools-rhel71                                     sat61-tools-rhel71                                        53
repolist: 4,456
[root@shost ~]# yum install cow
Loaded plugins: package_upload, product-id, subscription-manager
Default_Organization_RHEL7_RHEL7_x86_64                                                                                        | 2.5 kB  00:00:00     
Default_Organization_fake_zoo                                                                                                  | 2.1 kB  00:00:00     
Default_Organization_sat61-tools_sat61-tools-rhel71                                                                            | 2.1 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package cow.noarch 0:2.2-3 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package                     Arch                           Version                       Repository                                             Size
======================================================================================================================================================
Installing:
 cow                         noarch                         2.2-3                         Default_Organization_fake_zoo                         2.4 k

Transaction Summary
======================================================================================================================================================
Install  1 Package

Total download size: 2.4 k
Installed size: 42  
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7Server/Default_Organization_fake_zoo/packages/cow-2.2-3.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID f78fb195: NOKEY
Public key for cow-2.2-3.noarch.rpm is not installed
cow-2.2-3.noarch.rpm                                                                                                           | 2.4 kB  00:00:00     


Public key for cow-2.2-3.noarch.rpm is not installed
[root@shost ~]#
Comment 2 Sachin Ghai 2015-07-30 06:33:01 EDT
snippet from /etc/yum.repos.d/redhat.repo (related to custom repo zoo)


---
[Default_Organization_fake_zoo]
sslclientcert = /etc/pki/entitlement/3085186868611868216.pem
baseurl = https://cloud-qe-22.idmqe.lab.eng.bos.redhat.com/pulp/repos/Default_Organization/Dev/cv_rhel71/custom/fake/zoo
sslverify = 1
name = zoo
sslclientkey = /etc/pki/entitlement/3085186868611868216-key.pem
enabled = 1
sslcacert = /etc/rhsm/ca/katello-server-ca.pem
gpgcheck = 1
metadata_expire = 1
---


Please note that gpgcheck=1 but no URL is there to fetch the key. Is it expected ?
Comment 5 Sachin Ghai 2015-07-30 06:38:02 EDT
Another update from rhel67 client:

[root@hostrhel66 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.7 (Santiago)
[root@hostrhel66 ~]# rpm -qa | grep subscription-manager
subscription-manager-1.14.10-1.el6.x86_64


here is snippet from /etc/yum.repos.d/redhat.repo (related to custom repo zoo)

[Default_Organization_fake_zoo]
metadata_expire = 1
sslclientcert = /etc/pki/entitlement/5973642325542239318.pem
baseurl = https://cloud-qe-22.idmqe.lab.eng.bos.redhat.com/pulp/repos/Default_Organization/Dev/cv_rhel66/custom/fake/zoo
sslverify = 1
name = zoo
sslclientkey = /etc/pki/entitlement/5973642325542239318-key.pem
enabled = 1
sslcacert = /etc/rhsm/ca/katello-server-ca.pem
gpgcheck = 0


Please note that here gpgcheck set to '0'.
Comment 7 Bryan Kearney 2015-07-30 14:04:50 EDT
Upstream bug assigned to ehelms@redhat.com
Comment 8 Eric Helms 2015-07-30 14:47:37 EDT
I opened an upstream bug related to this and a pull request to prevent this issue from occurring see https://github.com/Katello/katello/pull/5390

TLDR; During upgrades, we call 'update' on all repositories during the update metadata expire step which in turn causes any repository with an attached GPG key that is published into a content view to have the GPG key set to empty string.
Comment 9 Bryan Kearney 2015-07-31 10:04:36 EDT
Moving to POST since upstream bug http://projects.theforeman.org/issues/11262 has been closed
-------------
Eric Helms
Applied in changeset commit:katello|51b186415ce0fd3a7cbfbfb1d6db08f9ed824293.
Comment 10 Sachin Ghai 2015-08-03 06:31:53 EDT
I upgraded a sat6.0.8 to sta6.1.1 snap15. But realized after upgrade that 'latest-stable' link is not updated with "ruby193-rubygem-katello" package.

I assume that we can just update a single package to verify the bz ?

If so, what all steps are required to test except "yum update" on sat server?
Comment 11 Sachin Ghai 2015-08-03 08:02:25 EDT
Ok, So I updated package "ruby193-rubygem-katello-2.2.0.65-1.el7sat.noarch " and re-triggred the upgrade. So with the updated package, reported issue has been fixed. I can install package from custom repo.

here is the snippet from redhat.repo. where gpg-key url pointing to my external capsule:

---
[Default_Organization_fake_zoo]
sslclientcert = /etc/pki/entitlement/3247468422385731220.pem
baseurl = https://cloud-qe-22.idmqe.lab.eng.bos.redhat.com/pulp/repos/Default_Organization/Dev/cv_rhel71/custom/fake/zoo
sslverify = 1
name = zoo
sslclientkey = /etc/pki/entitlement/3247468422385731220-key.pem
enabled = 1
sslcacert = /etc/rhsm/ca/katello-server-ca.pem
gpgcheck = 1
metadata_expire = 1
gpgkey = https://cloud-qe-22.idmqe.lab.eng.bos.redhat.com/katello/api/repositories/13/gpg_key_content
---
Comment 12 Sachin Ghai 2015-08-03 08:03:13 EDT
package install works fine..


--
[root@shost ~]# yum repolist
Loaded plugins: package_upload, product-id, subscription-manager
repo id                                                                                  repo name                                              status
!Default_Organization_RHEL7_RHEL7_x86_64                                                 RHEL7_x86_64                                           4,371
!Default_Organization_fake_zoo                                                           zoo                                                       32
!Default_Organization_sat61-tools_sat61-tools-rhel71                                     sat61-tools-rhel71                                        53
repolist: 4,456
[root@shost ~]# yum install cow
Loaded plugins: package_upload, product-id, subscription-manager
Default_Organization_RHEL7_RHEL7_x86_64                                                                                        | 2.5 kB  00:00:00     
Default_Organization_fake_zoo                                                                                                  | 2.1 kB  00:00:00     
Default_Organization_sat61-tools_sat61-tools-rhel71                                                                            | 2.1 kB  00:00:00     
(1/4): Default_Organization_RHEL7_RHEL7_x86_64/updateinfo                                                                      |   93 B  00:00:00     
(2/4): Default_Organization_fake_zoo/updateinfo                                                                                |  572 B  00:00:00     
(3/4): Default_Organization_fake_zoo/primary                                                                                   | 3.6 kB  00:00:00     
(4/4): Default_Organization_RHEL7_RHEL7_x86_64/primary                                                                         | 1.6 MB  00:00:00     
Default_Organization_RHEL7_RHEL7_x86_64                                                                                                     4371/4371
Default_Organization_fake_zoo                                                                                                                   32/32
Resolving Dependencies
--> Running transaction check
---> Package cow.noarch 0:2.2-3 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package                     Arch                           Version                       Repository                                             Size
======================================================================================================================================================
Installing:
 cow                         noarch                         2.2-3                         Default_Organization_fake_zoo                         2.4 k

Transaction Summary
======================================================================================================================================================
Install  1 Package

Total size: 2.4 k
Installed size: 42  
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7Server/Default_Organization_fake_zoo/packages/cow-2.2-3.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID f78fb195: NOKEY
Retrieving key from https://cloud-qe-22.idmqe.lab.eng.bos.redhat.com/katello/api/repositories/13/gpg_key_content
Importing GPG key 0xF78FB195:
 Userid     : "Dummy Packages Generator <admin@zoo.example.com>"
 Fingerprint: f918 5f7e 927a 00fb a8eb 65b5 ef85 cce3 f78f b195
 From       : https://cloud-qe-22.idmqe.lab.eng.bos.redhat.com/katello/api/repositories/13/gpg_key_content
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : cow-2.2-3.noarch                                                                                                                   1/1 
Uploading Package Profile
  Verifying  : cow-2.2-3.noarch                                                                                                                   1/1 

Installed:
  cow.noarch 0:2.2-3                                                                                                                                  

Complete!
[root@shost ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.1 (Maipo)
Comment 13 Sachin Ghai 2015-08-03 09:26:11 EDT
Moving this to verified as per comments 11 and 12. thanks
Comment 14 Bryan Kearney 2015-08-12 12:05:03 EDT
This bug was fixed in Satellite 6.1.1 which was delivered on 12 August, 2015.

Note You need to log in before you can comment on or make changes to this bug.