Red Hat Bugzilla – Bug 607673
No GPG key installation offer for custom channels
Last modified: 2015-01-04 16:57:35 EST
Description of problem:
Under my Satellite 530 I made a GPG key and prepared a custom channel, specifying details of that GPG key in the "Security: GPG" section (during creation of the custom channel).
The client systems which are connecting to the channel for first-time package installation are failing with:
Public key for <package_name> is not installed
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. make a GPG key (gpg --gen-key)
2. Export the public key to /root/RPM-GKHACHIK-KEY (gpg --armor --output ...)
3. Take any unsigned package and sign it by that key
4. Make a custom channel and specify the GPG settings of that key in the "Security: GPG" section
5. rhnpush that signed package to that channel
6. Register and assign a client system to that custom channel (do NOT import that GPG key into the rpm db)
7. Try to make a yum install of that package.
yum install fails with:
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 13a11846
Public key for rhn-upgrade-220.127.116.11-1.el5sat.noarch.rpm is not installed
Package should get installed AND the public key should be offered to be imported.
Screenshot with the custom channel settings is attached.
Created attachment 426600
Custom channel with GPG info
rpm gpg keys have to be in /etc/pki/rpm-gpg/.
Yeah, but I have defined the "GPG key URL" - does it not matter?
It does matter, but yum-rhn-client blocks GPG keys for Satellite/hosted managed repos other than from /etc/pki/rpm-gpg/.
I did copy the server-side GPG key to the /rpm/etc/rpm-gpg/ but now it complains with:
GPG key retrieval failed: [Errno 5] OSError: [Errno 2] No such file or directory: '/etc/pki/rpm-gpg/RPM-GKHACHIK-KEY'
It's thrown due to yum install <my_package_name> in the client system.
(In reply to comment #5)
> # COMMENT
> I did copy the server-side GPG key to the /rpm/etc/rpm-gpg/ but now it
> complains with:
> GPG key retrieval failed: [Errno 5] OSError: [Errno 2] No such file or
> directory: '/etc/pki/rpm-gpg/RPM-GKHACHIK-KEY'
> It's thrown due to yum install <my_package_name> in the client system.
Correction: on the server side the copy was made to: /etc/pki/rpm-gpg/
So, if I have the server's GPG public key installed on the client side (rpm --import <RPM-GPG-KEY>), then the yum install of the package works.
If there is no other possible way of retrieving and getting that key installed automatically (like for RPM-GPG-KEY-redhat-release), then please close this "issue".
Otherwise: it would be nice to see it fixed in a way that gets the key automatically installed by the yum client and continues with the package installation.
The GPG key has to be installed on the client in the /etc/pki/rpm-gpg/ directory.
It can't be downloaded from another machine (e.g. the Satellite) for security reasons.
See bug 213031.
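
A client-side check for the situation discussed in this thread, added here as an example (it is not code from the bug report, yum-rhn-client, or Satellite). It extracts key IDs from NOKEY warnings, compares them with `rpm -q gpg-pubkey` output, and applies the "local key file only" policy described above; the function names, the sample rpm db entry and the URL test are assumptions of this example.

```shell
#!/bin/sh
# Added example. Sample data is constructed; on a real client pass in the
# output of `yum install <pkg>` and of `rpm -q gpg-pubkey`.

# Print the short key IDs named in rpm/yum NOKEY warnings read from stdin.
nokey_ids() {
    sed -n 's/.*NOKEY, key ID \([0-9A-Fa-f]\{8\}\).*/\1/p' | tr 'A-F' 'a-f' | sort -u
}

# Succeed if short key ID $1 is listed in `rpm -q gpg-pubkey` output $2.
# rpm names each imported key gpg-pubkey-<keyid>-<creation time>.
key_in_rpmdb() {
    printf '%s\n' "$2" | grep -q "^gpg-pubkey-$1-"
}

# Print every key ID from yum output $1 that is absent from rpm db list $2.
missing_keys() {
    for id in $(printf '%s\n' "$1" | nokey_ids); do
        key_in_rpmdb "$id" "$2" || printf '%s\n' "$id"
    done
}

# Succeed only for a key URL that points at a local file under
# /etc/pki/rpm-gpg/ (this example's reading of the policy in the thread).
gpgkey_url_is_local() {
    case $1 in
        *..*) return 1 ;;                       # no path traversal
        file:///etc/pki/rpm-gpg/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input, using the warning quoted in the report.
SAMPLE_YUM='warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 13a11846
Public key for <package_name> is not installed'
SAMPLE_RPMDB='gpg-pubkey-0a1b2c3d-4e5f6a7b'     # constructed entry

for id in $(missing_keys "$SAMPLE_YUM" "$SAMPLE_RPMDB"); do
    echo "key $id is not in the rpm db: verify the key file's fingerprint, then rpm --import it"
done
```
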