Bug 1248449
| Summary: | Package install from custom-repo on client failed as public-key for packages was not installed though key was associated to custom repo | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Sachin Ghai <sghai> |
| Component: | Other | Assignee: | Eric Helms <ehelms> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Sachin Ghai <sghai> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.1.0 | CC: | bbuckingham, chpeters, ehelms, mmccune, syangsao |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://projects.theforeman.org/issues/11262 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-08-12 16:05:03 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Sachin Ghai
2015-07-30 10:30:37 UTC
[root@shost ~]# yum repolist Loaded plugins: package_upload, product-id, subscription-manager Default_Organization_RHEL7_RHEL7_x86_64 | 2.5 kB 00:00:00 Default_Organization_fake_zoo | 2.1 kB 00:00:00 Default_Organization_sat61-tools_sat61-tools-rhel71 | 2.1 kB 00:00:00 (1/9): Default_Organization_RHEL7_RHEL7_x86_64/group | 505 kB 00:00:00 (2/9): Default_Organization_RHEL7_RHEL7_x86_64/updateinfo | 93 B 00:00:00 (3/9): Default_Organization_RHEL7_RHEL7_x86_64/primary | 1.6 MB 00:00:00 (4/9): Default_Organization_fake_zoo/group | 1.7 kB 00:00:00 (5/9): Default_Organization_fake_zoo/updateinfo | 572 B 00:00:00 (6/9): Default_Organization_fake_zoo/primary | 3.6 kB 00:00:00 (7/9): Default_Organization_sat61-tools_sat61-tools-rhel71/updateinfo | 93 B 00:00:00 (8/9): Default_Organization_sat61-tools_sat61-tools-rhel71/group | 1.1 kB 00:00:00 (9/9): Default_Organization_sat61-tools_sat61-tools-rhel71/primary | 15 kB 00:00:00 Default_Organization_RHEL7_RHEL7_x86_64 4371/4371 Default_Organization_fake_zoo 32/32 Default_Organization_sat61-tools_sat61-tools-rhel71 53/53 repo id repo name status !Default_Organization_RHEL7_RHEL7_x86_64 RHEL7_x86_64 4,371 !Default_Organization_fake_zoo zoo 32 !Default_Organization_sat61-tools_sat61-tools-rhel71 sat61-tools-rhel71 53 repolist: 4,456 [root@shost ~]# yum install cow Loaded plugins: package_upload, product-id, subscription-manager Default_Organization_RHEL7_RHEL7_x86_64 | 2.5 kB 00:00:00 Default_Organization_fake_zoo | 2.1 kB 00:00:00 Default_Organization_sat61-tools_sat61-tools-rhel71 | 2.1 kB 00:00:00 Resolving Dependencies --> Running transaction check ---> Package cow.noarch 0:2.2-3 will be installed --> Finished Dependency Resolution Dependencies Resolved ====================================================================================================================================================== Package Arch Version Repository Size ====================================================================================================================================================== Installing: cow noarch 2.2-3 Default_Organization_fake_zoo 2.4 k Transaction Summary ====================================================================================================================================================== Install 1 Package Total download size: 2.4 k Installed size: 42 Is this ok [y/d/N]: y Downloading packages: warning: /var/cache/yum/x86_64/7Server/Default_Organization_fake_zoo/packages/cow-2.2-3.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID f78fb195: NOKEY Public key for cow-2.2-3.noarch.rpm is not installed cow-2.2-3.noarch.rpm | 2.4 kB 00:00:00 Public key for cow-2.2-3.noarch.rpm is not installed [root@shost ~]# snippet from /etc/yum.repos.d/redhat.repo (related to custom repo zoo) --- [Default_Organization_fake_zoo] sslclientcert = /etc/pki/entitlement/3085186868611868216.pem baseurl = https://cloud-qe-22.idmqe.lab.eng.bos.redhat.com/pulp/repos/Default_Organization/Dev/cv_rhel71/custom/fake/zoo sslverify = 1 name = zoo sslclientkey = /etc/pki/entitlement/3085186868611868216-key.pem enabled = 1 sslcacert = /etc/rhsm/ca/katello-server-ca.pem gpgcheck = 1 metadata_expire = 1 --- Please note that gpgcheck=1 but no URL is there to fetch the key. Is it expected ? Another update from rhel67 client: [root@hostrhel66 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.7 (Santiago) [root@hostrhel66 ~]# rpm -qa | grep subscription-manager subscription-manager-1.14.10-1.el6.x86_64 here is snippet from /etc/yum.repos.d/redhat.repo (related to custom repo zoo) [Default_Organization_fake_zoo] metadata_expire = 1 sslclientcert = /etc/pki/entitlement/5973642325542239318.pem baseurl = https://cloud-qe-22.idmqe.lab.eng.bos.redhat.com/pulp/repos/Default_Organization/Dev/cv_rhel66/custom/fake/zoo sslverify = 1 name = zoo sslclientkey = /etc/pki/entitlement/5973642325542239318-key.pem enabled = 1 sslcacert = /etc/rhsm/ca/katello-server-ca.pem gpgcheck = 0 Please note that here gpgcheck set to '0'. Upstream bug assigned to ehelms I opened an upstream bug related to this and a pull request to prevent this issue from occurring see https://github.com/Katello/katello/pull/5390 TLDR; During upgrades, we call 'update' on all repositories during the update metadata expire step which in turn causes any repository with an attached GPG key that is published into a content view to have the GPG key set to empty string. Moving to POST since upstream bug http://projects.theforeman.org/issues/11262 has been closed ------------- Eric Helms Applied in changeset commit:katello|51b186415ce0fd3a7cbfbfb1d6db08f9ed824293. I upgraded a sat6.0.8 to sta6.1.1 snap15. But realized after upgrade that 'latest-stable' link is not updated with "ruby193-rubygem-katello" package. I assume that we can just update a single package to verify the bz ? If so, what all steps are required to test except "yum update" on sat server? Ok, So I updated package "ruby193-rubygem-katello-2.2.0.65-1.el7sat.noarch " and re-triggred the upgrade. So with the updated package, reported issue has been fixed. I can install package from custom repo. here is the snippet from redhat.repo. where gpg-key url pointing to my external capsule: --- [Default_Organization_fake_zoo] sslclientcert = /etc/pki/entitlement/3247468422385731220.pem baseurl = https://cloud-qe-22.idmqe.lab.eng.bos.redhat.com/pulp/repos/Default_Organization/Dev/cv_rhel71/custom/fake/zoo sslverify = 1 name = zoo sslclientkey = /etc/pki/entitlement/3247468422385731220-key.pem enabled = 1 sslcacert = /etc/rhsm/ca/katello-server-ca.pem gpgcheck = 1 metadata_expire = 1 gpgkey = https://cloud-qe-22.idmqe.lab.eng.bos.redhat.com/katello/api/repositories/13/gpg_key_content --- package install works fine.. -- [root@shost ~]# yum repolist Loaded plugins: package_upload, product-id, subscription-manager repo id repo name status !Default_Organization_RHEL7_RHEL7_x86_64 RHEL7_x86_64 4,371 !Default_Organization_fake_zoo zoo 32 !Default_Organization_sat61-tools_sat61-tools-rhel71 sat61-tools-rhel71 53 repolist: 4,456 [root@shost ~]# yum install cow Loaded plugins: package_upload, product-id, subscription-manager Default_Organization_RHEL7_RHEL7_x86_64 | 2.5 kB 00:00:00 Default_Organization_fake_zoo | 2.1 kB 00:00:00 Default_Organization_sat61-tools_sat61-tools-rhel71 | 2.1 kB 00:00:00 (1/4): Default_Organization_RHEL7_RHEL7_x86_64/updateinfo | 93 B 00:00:00 (2/4): Default_Organization_fake_zoo/updateinfo | 572 B 00:00:00 (3/4): Default_Organization_fake_zoo/primary | 3.6 kB 00:00:00 (4/4): Default_Organization_RHEL7_RHEL7_x86_64/primary | 1.6 MB 00:00:00 Default_Organization_RHEL7_RHEL7_x86_64 4371/4371 Default_Organization_fake_zoo 32/32 Resolving Dependencies --> Running transaction check ---> Package cow.noarch 0:2.2-3 will be installed --> Finished Dependency Resolution Dependencies Resolved ====================================================================================================================================================== Package Arch Version Repository Size ====================================================================================================================================================== Installing: cow noarch 2.2-3 Default_Organization_fake_zoo 2.4 k Transaction Summary ====================================================================================================================================================== Install 1 Package Total size: 2.4 k Installed size: 42 Is this ok [y/d/N]: y Downloading packages: warning: /var/cache/yum/x86_64/7Server/Default_Organization_fake_zoo/packages/cow-2.2-3.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID f78fb195: NOKEY Retrieving key from https://cloud-qe-22.idmqe.lab.eng.bos.redhat.com/katello/api/repositories/13/gpg_key_content Importing GPG key 0xF78FB195: Userid : "Dummy Packages Generator <admin.com>" Fingerprint: f918 5f7e 927a 00fb a8eb 65b5 ef85 cce3 f78f b195 From : https://cloud-qe-22.idmqe.lab.eng.bos.redhat.com/katello/api/repositories/13/gpg_key_content Is this ok [y/N]: y Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : cow-2.2-3.noarch 1/1 Uploading Package Profile Verifying : cow-2.2-3.noarch 1/1 Installed: cow.noarch 0:2.2-3 Complete! [root@shost ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.1 (Maipo) Moving this to verified as per comments 11 and 12. thanks This bug was fixed in Satellite 6.1.1 which was delivered on 12 August, 2015. |