Bug 607673 - No GPG key installation offer for custom channels
No GPG key installation offer for custom channels
Status: CLOSED NOTABUG
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Client (Show other bugs)
530
All Linux
low Severity medium
: ---
: ---
Assigned To: Michael Mráka
Red Hat Satellite QA List
:
Depends On:
Blocks: 462714
  Show dependency treegraph
 
Reported: 2010-06-24 10:39 EDT by Garik Khachikyan
Modified: 2015-01-04 16:57 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-09-23 17:59:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Custom channel with GPG info (123.64 KB, image/png)
2010-06-24 10:40 EDT, Garik Khachikyan
no flags Details

  None (edit)
Description Garik Khachikyan 2010-06-24 10:39:59 EDT
Description of problem:
Under my Satellite 530 I made a GPG key and prepared a custom channel specifying details of that GPG key in the "Security: GPG" section (during creation of custom channel)
The client systems which connecting the channel for first-time package installation are failing with:
---
Public key for <package_name> is not installed
---

Version-Release number of selected component (if applicable):
yum-rhn-plugin-0.5.4-13
yum-3.2.22-20

How reproducible:
Always

Steps to Reproduce:
1. make a GPG key (gpg --gen-key)
2. Export the public key to /root/RPM-GKHACHIK-KEY (gpg --armor --output ...)
3. Take any unsigned package and sign it by that key
4. Make a custom channel and specify the GPG settings of that key in the "Security: GPG" section
5. rhnpush that signed package to that channel
6. Register and assign a client system to that custom channel (NOT import that GPG key to the rpm db)
7. Try to make a yum install of that package.

Actual results:
yum install fails with: 
---
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 13a11846
Public key for rhn-upgrade-5.3.0.24-1.el5sat.noarch.rpm is not installed
---

Expected results:
Package should get installed AND the public key should be offered to be imported.

Additional info:
Screenshot with the custom channel settings is attached.
Comment 1 Garik Khachikyan 2010-06-24 10:40:27 EDT
Created attachment 426600 [details]
Custom channel with GPG info
Comment 2 Michael Mráka 2010-06-28 06:08:33 EDT
rpm gpg keys have to be in /etc/pki/rpm-gpg/.
Comment 3 Garik Khachikyan 2010-06-28 06:32:52 EDT
# COMMENT

Yeah, but I have defined the "GPG key URL" - it does not matter ?
Comment 4 Michael Mráka 2010-06-28 07:16:53 EDT
It does matter but yum-rhn-client blocks gpg keys for satellite/hosted managed repos other than from /etc/pki/rpm-gpg/.
Comment 5 Garik Khachikyan 2010-06-28 08:58:44 EDT
# COMMENT

I did copied the server-side GPG key to the /rpm/etc/rpm-gpg/ but now it complains with:
---
GPG key retrieval failed: [Errno 5] OSError: [Errno 2] No such file or directory: '/etc/pki/rpm-gpg/RPM-GKHACHIK-KEY'

It's thrown due to yum install <my_package_name> in the client system.
Comment 7 Garik Khachikyan 2010-06-28 09:08:37 EDT
(In reply to comment #5)
> # COMMENT
> 
> I did copied the server-side GPG key to the /rpm/etc/rpm-gpg/ but now it
> complains with:
> ---
> GPG key retrieval failed: [Errno 5] OSError: [Errno 2] No such file or
> directory: '/etc/pki/rpm-gpg/RPM-GKHACHIK-KEY'
> 
> It's thrown due to yum install <my_package_name> in the client system.    

Correction: on server-side the copy was made to: /etc/pki/rpm-gpg/
Comment 8 Garik Khachikyan 2010-06-28 09:38:18 EDT
# COMMENT

So, if I have the server's GPG public key installed in client side (rpm --import <RPM-GPG-KEY>), then the yum install of the package works.

If there is no other possible way of retrieving, getting that key installed automatically (like for RPM-GPG-KEY-redhat-release) - then please close this "issue".

Otherwise: would be nice to see it fixed in a way to get the key automatically installed by yum client and be continued with package installation.

thanks.
Comment 9 Michael Mráka 2010-09-23 17:59:05 EDT
GPG key have to be installed on client in /etc/pki/rpm-gpg/ directory.
It can't be downloaded from other machine (e.g. satellite) for security reasons.
See bug 213031.

Closing.

Note You need to log in before you can comment on or make changes to this bug.