Bug 669756
| Summary: | Unsigned packages cannot be installed through pulp-admin package install | ||
|---|---|---|---|
| Product: | [Retired] Pulp | Reporter: | Jay Dobies <jason.dobies> |
| Component: | z_other | Assignee: | Pradeep Kilambi <pkilambi> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Preethi Thomas <pthomas> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | dgao, jortel, tsanders |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-08-16 12:11:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 647488 | ||
Updated the repolib to explicitly set the gpgcheck=(0|1) based on whether any gpg keys are specified. In the case of sync'd fedora/rhel repos, this kind of sucks because in order to have the client (yum) do gpg checking, the user will have to upload the fedora/rhel gpg keys which are already on the (client) box. We need to revisit this! Fixed in 0.132. [root@pulp-qe ~]# rpm --checksig /tmp/unsigned-1.0-1.noarch.rpm
/tmp/unsigned-1.0-1.noarch.rpm: sha1 md5 OK
[root@pulp-qe ~]# rpm --checksig /tmp/unsigned-1.0-1.noarch.rpm
/tmp/unsigned-1.0-1.noarch.rpm: sha1 md5 OK
[root@pulp-qe ~]# pulp-admin content upload --repoid=foo /tmp/unsigned-1.0-1.noarch.rpm --nosig
* Starting Content Upload operation. See /var/log/pulp/client.log for more verbose output
* Performing Content Uploads to Pulp server
* Performing Repo Associations
* Content Upload complete.
[root@pulp-qe ~]# pulp-admin repo content --id=foo
+------------------------------------------+
Contents of foo
+------------------------------------------+
Packages in foo:
unsigned-1.0-1.noarch.rpm
Errata in foo:
none
Files in foo:
none
[root@pulp-qe ~]# pulp-client -u admin -p admin consumer create --id=fred
Successfully created consumer [ fred ]
[root@pulp-qe ~]# pulp-client consumer bind --repoid=foo
Successfully subscribed consumer [fred] to repo [foo]
[root@pulp-qe ~]# pulp-admin package install --consumerid=fred -n unsigned
Created task id: f2281d35-9826-11e0-8c90-54520040237d
Task is scheduled for: 2011-06-16 10:43
Waiting: [\]
[[['unsigned-1.0-1.noarch'], None]] installed on fred
Closing with Community Release 15 pulp-0.0.223-4. Closing with Community Release 15 pulp-0.0.223-4. |
When trying to do so, the package install failed. There aren't any flags to `package install` to indicate to ignore the signing. Here is a snippet from the logs: 2011-01-14 11:17:38,879 [INFO][asynctaskreplyqueue] run() @ consumer.py:65 - ready 2011-01-14 11:17:42,014 [INFO][asynctaskreplyqueue] received() @ consumer.py:159 - {asynctaskreplyqueue} received: { "origin": "f746e86a-dfc6-4787-aab5-55f39af08d93", "version": "0.2", "result": { "exval": "Traceback (most recent call last):\n\n File \"/usr/lib/python2.7/site-packages/gofer/messaging/dispatcher.py\", line 252, in __call__\n retval = method(*args, **keywords)\n\n File \"/usr/lib/gofer/plugins/pulp.py\", line 157, in install\n yb.processTransaction()\n\n File \"/usr/lib/python2.7/site-packages/yum/__init__.py\", line 4498, in processTransaction\n self._checkSignatures(pkgs,callback)\n\n File \"/usr/lib/python2.7/site-packages/yum/__init__.py\", line 4543, in _checkSignatures\n raise Errors.YumGPGCheckError, errmsg\n\nYumGPGCheckError: Package emoticons-0.1-2.x86_64.rpm is not signed\n", "xargs": [], "xstate": { "value": "Package emoticons-0.1-2.x86_64.rpm is not signed" }, "xclass": "YumGPGCheckError", "xmodule": "yum.Errors" }, "any": "ce2bd1de-1ff9-11e0-9fb5-5254003d10ee", "sn": "7bcb2b93-3b51-4548-ad12-11343fe67f3d" } 2011-01-14 11:17:42,014 [INFO][asynctaskreplyqueue] failed() @ async.py:229 - Task RMI (failed) Failed sn : 7bcb2b93-3b51-4548-ad12-11343fe67f3d origin : f746e86a-dfc6-4787-aab5-55f39af08d93 user data : ce2bd1de-1ff9-11e0-9fb5-5254003d10ee exception: Package emoticons-0.1-2.x86_64.rpm is not signed 2011-01-14 11:17:42,015 [ERROR][asynctaskreplyqueue] failed() @ task.py:207 - Task id:ce2bd1de-1ff9-11e0-9fb5-5254003d10ee, method_name:install: (YumGPGCheckError(),) 2011-01-14 11:17:42,017 [INFO][asynctaskreplyqueue] run() @ consumer.py:65 - ready