Bug 607673 - No GPG key installation offer for custom channels
Summary: No GPG key installation offer for custom channels
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Client   
(Show other bugs)
Version: 530
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Michael Mráka
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 462714
TreeView+ depends on / blocked
 
Reported: 2010-06-24 14:39 UTC by Garik Khachikyan
Modified: 2015-01-04 21:57 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-09-23 21:59:05 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Custom channel with GPG info (123.64 KB, image/png)
2010-06-24 14:40 UTC, Garik Khachikyan
no flags Details

Description Garik Khachikyan 2010-06-24 14:39:59 UTC
Description of problem:
Under my Satellite 530 I made a GPG key and prepared a custom channel specifying details of that GPG key in the "Security: GPG" section (during creation of custom channel)
The client systems which connecting the channel for first-time package installation are failing with:
---
Public key for <package_name> is not installed
---

Version-Release number of selected component (if applicable):
yum-rhn-plugin-0.5.4-13
yum-3.2.22-20

How reproducible:
Always

Steps to Reproduce:
1. make a GPG key (gpg --gen-key)
2. Export the public key to /root/RPM-GKHACHIK-KEY (gpg --armor --output ...)
3. Take any unsigned package and sign it by that key
4. Make a custom channel and specify the GPG settings of that key in the "Security: GPG" section
5. rhnpush that signed package to that channel
6. Register and assign a client system to that custom channel (NOT import that GPG key to the rpm db)
7. Try to make a yum install of that package.

Actual results:
yum install fails with: 
---
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 13a11846
Public key for rhn-upgrade-5.3.0.24-1.el5sat.noarch.rpm is not installed
---

Expected results:
Package should get installed AND the public key should be offered to be imported.

Additional info:
Screenshot with the custom channel settings is attached.

Comment 1 Garik Khachikyan 2010-06-24 14:40:27 UTC
Created attachment 426600 [details]
Custom channel with GPG info

Comment 2 Michael Mráka 2010-06-28 10:08:33 UTC
rpm gpg keys have to be in /etc/pki/rpm-gpg/.

Comment 3 Garik Khachikyan 2010-06-28 10:32:52 UTC
# COMMENT

Yeah, but I have defined the "GPG key URL" - it does not matter ?

Comment 4 Michael Mráka 2010-06-28 11:16:53 UTC
It does matter but yum-rhn-client blocks gpg keys for satellite/hosted managed repos other than from /etc/pki/rpm-gpg/.

Comment 5 Garik Khachikyan 2010-06-28 12:58:44 UTC
# COMMENT

I did copied the server-side GPG key to the /rpm/etc/rpm-gpg/ but now it complains with:
---
GPG key retrieval failed: [Errno 5] OSError: [Errno 2] No such file or directory: '/etc/pki/rpm-gpg/RPM-GKHACHIK-KEY'

It's thrown due to yum install <my_package_name> in the client system.

Comment 7 Garik Khachikyan 2010-06-28 13:08:37 UTC
(In reply to comment #5)
> # COMMENT
> 
> I did copied the server-side GPG key to the /rpm/etc/rpm-gpg/ but now it
> complains with:
> ---
> GPG key retrieval failed: [Errno 5] OSError: [Errno 2] No such file or
> directory: '/etc/pki/rpm-gpg/RPM-GKHACHIK-KEY'
> 
> It's thrown due to yum install <my_package_name> in the client system.    

Correction: on server-side the copy was made to: /etc/pki/rpm-gpg/

Comment 8 Garik Khachikyan 2010-06-28 13:38:18 UTC
# COMMENT

So, if I have the server's GPG public key installed in client side (rpm --import <RPM-GPG-KEY>), then the yum install of the package works.

If there is no other possible way of retrieving, getting that key installed automatically (like for RPM-GPG-KEY-redhat-release) - then please close this "issue".

Otherwise: would be nice to see it fixed in a way to get the key automatically installed by yum client and be continued with package installation.

thanks.

Comment 9 Michael Mráka 2010-09-23 21:59:05 UTC
GPG key have to be installed on client in /etc/pki/rpm-gpg/ directory.
It can't be downloaded from other machine (e.g. satellite) for security reasons.
See bug 213031.

Closing.


Note You need to log in before you can comment on or make changes to this bug.