Bug 1537555 - Cannot remove GPGkey from client repo
Summary: Cannot remove GPGkey from client repo
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: GPG Keys
Version: Unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: 6.7.0
Assignee: Justin Sherrill
QA Contact: jcallaha
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-01-23 13:47 UTC by Sean O'Keeffe
Modified: 2020-04-14 13:22 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-14 13:22:23 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 26443 Normal Closed changing gpg key on a repository has no effect 2020-06-10 17:45:38 UTC
Red Hat Knowledge Base (Solution) 3715031 None None None 2018-11-25 18:20:02 UTC
Red Hat Product Errata RHSA-2020:1454 None None None 2020-04-14 13:22:43 UTC

Description Sean O'Keeffe 2018-01-23 13:47:01 UTC
Description of problem:
If I have a custom repo with the wrong GPGkey and have a client registered to use it via the Default Org View and then remove it from the repo in Katello, i cannot get the client to update.

Version-Release number of selected component (if applicable):
katello 3.5

How reproducible:


Steps to Reproduce:
1. create incorrect GPGkey
2. sync custom product/repo using the incorrect GPGKey
3. attach client (i used default org view)
4. "yum install foo -y" will give you:

===================================================================================================================================================================================================================
 Package                                                      Arch                            Version                                  Repository                                                             Size
===================================================================================================================================================================================================================
Installing:
 katello-host-tools                                           noarch                          3.1.0-1.el7                              Default_Organization_CentOS_7_Katello_Client                           20 k
Installing for dependencies:
 katello-host-tools-fact-plugin                               noarch                          3.1.0-1.el7                              Default_Organization_CentOS_7_Katello_Client                           12 k
 libxslt                                                      x86_64                          1.1.28-5.el7                             Default_Organization_CentOS_7_Centos_7_OS                             242 k
 python-argcomplete                                           noarch                          1.7.0-1.el7                              Default_Organization_EPEL_EPEL                                         49 k
 python-backports                                             x86_64                          1.0-8.el7                                Default_Organization_CentOS_7_Centos_7_OS                             5.8 k
 python-backports-ssl_match_hostname                          noarch                          3.4.0.2-4.el7                            Default_Organization_CentOS_7_Centos_7_OS                              12 k
 python-beautifulsoup4                                        noarch                          4.3.2-1.el7                              Default_Organization_EPEL_EPEL                                        149 k
 python-html5lib                                              noarch                          1:0.999-5.el7                            Default_Organization_EPEL_EPEL                                        206 k
 python-lxml                                                  x86_64                          3.2.1-4.el7                              Default_Organization_CentOS_7_Centos_7_OS                             758 k
 python-setuptools                                            noarch                          0.9.8-7.el7                              Default_Organization_CentOS_7_Centos_7_OS                             397 k
 python-six                                                   noarch                          1.9.0-2.el7                              Default_Organization_CentOS_7_Centos_7_OS                              29 k
 python2-psutil                                               x86_64                          2.2.1-3.el7                              Default_Organization_EPEL_EPEL                                        116 k
 python2-tracer                                               noarch                          0.6.13.1-1.el7                           Default_Organization_EPEL_EPEL                                        105 k
 tracer-common                                                noarch                          0.6.13.1-1.el7                           Default_Organization_EPEL_EPEL                                         26 k

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package (+13 Dependent packages)

Total size: 2.1 M
Installed size: 7.9 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/Default_Organization_CentOS_7_Katello_Client/packages/katello-host-tools-fact-plugin-3.1.0-1.el7.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID 2884ecef: NOKEY
Retrieving key from https://centos7-katello-3-5.sean.example.com/katello/api/repositories/5/gpg_key_content


GPG key retrieval failed: [Errno 14] HTTPS Error 404 - Not Found

4. So update the repo to remove the GPGKey

Actual results:
Client config will never change, even after sub-man unregister/register & removing the repo and re-creating it.

Expected results: 
Client to update repo GPGconfig with "sub-man refresh"  

Additional info:

I found this with Katello 3.5, probably the same on 6.3. I would have raised this directly upstream but not sure where the problem is in candlepin/katello/pulp

Comment 1 Sean O'Keeffe 2018-01-23 13:50:05 UTC
The only workaround I found was "subscription-manager repo-override --repo <REPOID> --add gpgcheck:0"

Comment 4 pm-sat@redhat.com 2018-09-20 12:23:38 UTC
Connecting redmine issue https://projects.theforeman.org/issues/15087 from this bug

Comment 6 Gary Scarborough 2019-01-06 21:46:21 UTC
Just wanted to update that I can confirm that this issue is present in 6.4 as well.

Comment 8 Bryan Kearney 2019-08-05 12:22:32 UTC
The Satellite Team is attempting to provide an accurate backlog of bugzilla requests which we feel will be resolved in the next few releases. We do not believe this bugzilla will meet that criteria, and have plans to close it out in 1 month. This is not a reflection on the validity of the request, but a reflection of the many priorities for the product. If you have any concerns about this, feel free to contact Red Hat Technical Support or your account team. If we do not hear from you, we will close this bug out. Thank you.

Comment 10 jcallaha 2020-01-24 21:44:49 UTC
Verified in Satellite 6.7 snap 9

create a yum repo
create a content credential of a gpg key (any contents work)
register a system with sub-man and subscribe it to the yum repo
notice in /etc/yum.repos.d/redhat.repo there is no gpg key
Associate the gpg key with the repository on the repo details page
run sub-man refresh && yum repolist
notice in /etc/yum.repos.d/redhat.repo there is a gpg key for the repo
Remove the gpg key from the repo on the repo details page
run sub-man refresh
notice in /etc/yum.repos.d/redhat.repo thegpg key for the repo is now gone.

Comment 13 errata-xmlrpc 2020-04-14 13:22:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454


Note You need to log in before you can comment on or make changes to this bug.