Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira ( If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1537555 - Cannot remove GPGkey from client repo
Summary: Cannot remove GPGkey from client repo
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Content Credentials
Version: Unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: 6.7.0
Assignee: Justin Sherrill
QA Contact: jcallaha
Depends On:
TreeView+ depends on / blocked
Reported: 2018-01-23 13:47 UTC by Sean O'Keeffe
Modified: 2024-06-13 20:50 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-04-14 13:22:23 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 26443 0 Normal Closed changing gpg key on a repository has no effect 2020-12-22 18:59:15 UTC
Red Hat Knowledge Base (Solution) 3715031 0 None None None 2018-11-25 18:20:02 UTC
Red Hat Product Errata RHSA-2020:1454 0 None None None 2020-04-14 13:22:43 UTC

Description Sean O'Keeffe 2018-01-23 13:47:01 UTC
Description of problem:
If I have a custom repo with the wrong GPGkey and have a client registered to use it via the Default Org View and then remove it from the repo in Katello, i cannot get the client to update.

Version-Release number of selected component (if applicable):
katello 3.5

How reproducible:

Steps to Reproduce:
1. create incorrect GPGkey
2. sync custom product/repo using the incorrect GPGKey
3. attach client (i used default org view)
4. "yum install foo -y" will give you:

 Package                                                      Arch                            Version                                  Repository                                                             Size
 katello-host-tools                                           noarch                          3.1.0-1.el7                              Default_Organization_CentOS_7_Katello_Client                           20 k
Installing for dependencies:
 katello-host-tools-fact-plugin                               noarch                          3.1.0-1.el7                              Default_Organization_CentOS_7_Katello_Client                           12 k
 libxslt                                                      x86_64                          1.1.28-5.el7                             Default_Organization_CentOS_7_Centos_7_OS                             242 k
 python-argcomplete                                           noarch                          1.7.0-1.el7                              Default_Organization_EPEL_EPEL                                         49 k
 python-backports                                             x86_64                          1.0-8.el7                                Default_Organization_CentOS_7_Centos_7_OS                             5.8 k
 python-backports-ssl_match_hostname                          noarch                                            Default_Organization_CentOS_7_Centos_7_OS                              12 k
 python-beautifulsoup4                                        noarch                          4.3.2-1.el7                              Default_Organization_EPEL_EPEL                                        149 k
 python-html5lib                                              noarch                          1:0.999-5.el7                            Default_Organization_EPEL_EPEL                                        206 k
 python-lxml                                                  x86_64                          3.2.1-4.el7                              Default_Organization_CentOS_7_Centos_7_OS                             758 k
 python-setuptools                                            noarch                          0.9.8-7.el7                              Default_Organization_CentOS_7_Centos_7_OS                             397 k
 python-six                                                   noarch                          1.9.0-2.el7                              Default_Organization_CentOS_7_Centos_7_OS                              29 k
 python2-psutil                                               x86_64                          2.2.1-3.el7                              Default_Organization_EPEL_EPEL                                        116 k
 python2-tracer                                               noarch                                           Default_Organization_EPEL_EPEL                                        105 k
 tracer-common                                                noarch                                           Default_Organization_EPEL_EPEL                                         26 k

Transaction Summary
Install  1 Package (+13 Dependent packages)

Total size: 2.1 M
Installed size: 7.9 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/Default_Organization_CentOS_7_Katello_Client/packages/katello-host-tools-fact-plugin-3.1.0-1.el7.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID 2884ecef: NOKEY
Retrieving key from

GPG key retrieval failed: [Errno 14] HTTPS Error 404 - Not Found

4. So update the repo to remove the GPGKey

Actual results:
Client config will never change, even after sub-man unregister/register & removing the repo and re-creating it.

Expected results: 
Client to update repo GPGconfig with "sub-man refresh"  

Additional info:

I found this with Katello 3.5, probably the same on 6.3. I would have raised this directly upstream but not sure where the problem is in candlepin/katello/pulp

Comment 1 Sean O'Keeffe 2018-01-23 13:50:05 UTC
The only workaround I found was "subscription-manager repo-override --repo <REPOID> --add gpgcheck:0"

Comment 4 Satellite Program 2018-09-20 12:23:38 UTC
Connecting redmine issue from this bug

Comment 6 Gary Scarborough 2019-01-06 21:46:21 UTC
Just wanted to update that I can confirm that this issue is present in 6.4 as well.

Comment 8 Bryan Kearney 2019-08-05 12:22:32 UTC
The Satellite Team is attempting to provide an accurate backlog of bugzilla requests which we feel will be resolved in the next few releases. We do not believe this bugzilla will meet that criteria, and have plans to close it out in 1 month. This is not a reflection on the validity of the request, but a reflection of the many priorities for the product. If you have any concerns about this, feel free to contact Red Hat Technical Support or your account team. If we do not hear from you, we will close this bug out. Thank you.

Comment 10 jcallaha 2020-01-24 21:44:49 UTC
Verified in Satellite 6.7 snap 9

create a yum repo
create a content credential of a gpg key (any contents work)
register a system with sub-man and subscribe it to the yum repo
notice in /etc/yum.repos.d/redhat.repo there is no gpg key
Associate the gpg key with the repository on the repo details page
run sub-man refresh && yum repolist
notice in /etc/yum.repos.d/redhat.repo there is a gpg key for the repo
Remove the gpg key from the repo on the repo details page
run sub-man refresh
notice in /etc/yum.repos.d/redhat.repo thegpg key for the repo is now gone.

Comment 13 errata-xmlrpc 2020-04-14 13:22:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

Note You need to log in before you can comment on or make changes to this bug.