Description of problem: If I have a custom repo with the wrong GPGkey and have a client registered to use it via the Default Org View and then remove it from the repo in Katello, i cannot get the client to update. Version-Release number of selected component (if applicable): katello 3.5 How reproducible: Steps to Reproduce: 1. create incorrect GPGkey 2. sync custom product/repo using the incorrect GPGKey 3. attach client (i used default org view) 4. "yum install foo -y" will give you: =================================================================================================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================================================================================================== Installing: katello-host-tools noarch 3.1.0-1.el7 Default_Organization_CentOS_7_Katello_Client 20 k Installing for dependencies: katello-host-tools-fact-plugin noarch 3.1.0-1.el7 Default_Organization_CentOS_7_Katello_Client 12 k libxslt x86_64 1.1.28-5.el7 Default_Organization_CentOS_7_Centos_7_OS 242 k python-argcomplete noarch 1.7.0-1.el7 Default_Organization_EPEL_EPEL 49 k python-backports x86_64 1.0-8.el7 Default_Organization_CentOS_7_Centos_7_OS 5.8 k python-backports-ssl_match_hostname noarch 3.4.0.2-4.el7 Default_Organization_CentOS_7_Centos_7_OS 12 k python-beautifulsoup4 noarch 4.3.2-1.el7 Default_Organization_EPEL_EPEL 149 k python-html5lib noarch 1:0.999-5.el7 Default_Organization_EPEL_EPEL 206 k python-lxml x86_64 3.2.1-4.el7 Default_Organization_CentOS_7_Centos_7_OS 758 k python-setuptools noarch 0.9.8-7.el7 Default_Organization_CentOS_7_Centos_7_OS 397 k python-six noarch 1.9.0-2.el7 Default_Organization_CentOS_7_Centos_7_OS 29 k python2-psutil x86_64 2.2.1-3.el7 Default_Organization_EPEL_EPEL 116 k python2-tracer noarch 0.6.13.1-1.el7 Default_Organization_EPEL_EPEL 105 k tracer-common noarch 0.6.13.1-1.el7 Default_Organization_EPEL_EPEL 26 k Transaction Summary =================================================================================================================================================================================================================== Install 1 Package (+13 Dependent packages) Total size: 2.1 M Installed size: 7.9 M Downloading packages: warning: /var/cache/yum/x86_64/7/Default_Organization_CentOS_7_Katello_Client/packages/katello-host-tools-fact-plugin-3.1.0-1.el7.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID 2884ecef: NOKEY Retrieving key from https://centos7-katello-3-5.sean.example.com/katello/api/repositories/5/gpg_key_content GPG key retrieval failed: [Errno 14] HTTPS Error 404 - Not Found 4. So update the repo to remove the GPGKey Actual results: Client config will never change, even after sub-man unregister/register & removing the repo and re-creating it. Expected results: Client to update repo GPGconfig with "sub-man refresh" Additional info: I found this with Katello 3.5, probably the same on 6.3. I would have raised this directly upstream but not sure where the problem is in candlepin/katello/pulp
The only workaround I found was "subscription-manager repo-override --repo <REPOID> --add gpgcheck:0"
Connecting redmine issue https://projects.theforeman.org/issues/15087 from this bug
Just wanted to update that I can confirm that this issue is present in 6.4 as well.
The Satellite Team is attempting to provide an accurate backlog of bugzilla requests which we feel will be resolved in the next few releases. We do not believe this bugzilla will meet that criteria, and have plans to close it out in 1 month. This is not a reflection on the validity of the request, but a reflection of the many priorities for the product. If you have any concerns about this, feel free to contact Red Hat Technical Support or your account team. If we do not hear from you, we will close this bug out. Thank you.
Verified in Satellite 6.7 snap 9 create a yum repo create a content credential of a gpg key (any contents work) register a system with sub-man and subscribe it to the yum repo notice in /etc/yum.repos.d/redhat.repo there is no gpg key Associate the gpg key with the repository on the repo details page run sub-man refresh && yum repolist notice in /etc/yum.repos.d/redhat.repo there is a gpg key for the repo Remove the gpg key from the repo on the repo details page run sub-man refresh notice in /etc/yum.repos.d/redhat.repo thegpg key for the repo is now gone.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1454