Red Hat Bugzilla – Bug 530598
yum not downloading gpgkey from http:// url in "GPG key URL"
Last modified: 2011-01-28 09:53:51 EST
Description of problem: In spacewalk channel properties, if a "file://" url is specified in the "GPG key URL" field, yum on the client automatically imports the key. However if an "http://" url is specified in the field, yum does not automatically import. Version-Release number of selected component (if applicable): RHEL v5.2 Spacewalk v0.6.4-1 How reproducible: Steps to Reproduce: 1. Remove your custom gpgkey from rpm db 2. Enter a valid http:// url (to a gpgkey that your rpms are signed with) in the "GPG key URL" field of the channel (containing your signed rpms) properties. 3. On a client registered with spacewalk and is entitled to this channel, attempt to download a package from the channel in question. Actual results: Public key for <package_name> is not installed Expected results: yum automatically downloads gpgkey from url. Additional info: This works if you have a /etc/yum.repo/reponame.repo with a... "gpgkey=http://path_to_key" in the file. Many Thanks!
A custom gpgkey is what I'm using, but you can try this with any gpg key that is linked to any repository. I tried it with linuxha gpgkey, with no luck.
Mass-moving to space13.
Rhnplugin don't allow to import automatically other keys than file://etc/pki/rpm-gpg/* for security reason - checking packages downloaded over the net with key downloaded from the same source can be very easily man-in-the-middle attacked. You have to create an rpm with custom keys similar to redhat-release, fedora-release or epel-release.