Description of problem: Recent version of rhsm: subscription-manager-0.99.13-1.el6.x86_64 has an issue with gpgcheck: it always set to 0 independent from the fact that the custom repo that I assigned my system using Katello has there GPGkey assigned. Version-Release number of selected component (if applicable): subscription-manager-0.99.13-1.el6.x86_64 python-rhsm-0.99.8-1.el6.noarch How reproducible: always Steps to Reproduce: 1.in Katello do prepare repo with GKGkey (e.g.: http://inecas.fedorapeople.org/fakerepos/zoo3/ with gpgkey from: http://inecas.fedorapeople.org/fakerepos/zoo/RPM-GPG-KEY-dummy-packages-generator) 2.sync it and assign a system (self-register would also work) to register and consume that repo. 3.try repolist and then look at: /etc/yum.repos.d/redhat.repo Actual results: gpgcheck = 0 in there Expected results: in case when repo has gpg key: fetch and use that correctly. Additional info: I remember it was working before (had test that was passing before)
Created attachment 579037 [details] pem files sending in a tarball. 1596817263600090748.pem 1596817263600090748-key.pem
There does not appear to be a gpgkey set in those entitlement certs, so at least for those certs, subscription-manager appears to be doing the right thing.
The entitlement cert doesn't actually have a gpg key url set in it. I just ran a quick test on a katello install, and it looks like if you change the gpgkey url on an existing repository, that change is never propagated down to candlepin. Creating a repository with a gpg key set originally gets the key url into candlepin, and thus into the entitlement cert. Reassigning to katello.
setting to 1.0.z since the implications of this are fairly severe
Hrmmm I have not been able to reproduce the original scenario with katello master and the latest rhsm from 6.2 or the version that Garik mentioned. In both cases gpgcheck is set to 1. Garik, Which version of katello did you find this with? Still going to address the issue where you enable/disable the gpg key on an existing repo.
fixed in katello master: 604d36ae7c6056d6559d64cdba94422cc68f3ec5
This is going to fail. For more info see https://bugzilla.redhat.com/show_bug.cgi?id=824581 which has the most up-to-date information.
Rather, it's not going to fail but gpgkey will be set in the repo file while gpgcheck will still be 0. Pull request: https://github.com/Katello/katello/pull/729 Commit SHA: a609539ac3b4f9f72c155f15b7521ad4bfd1f429
the above code was actually reverted and the fix was implemented within Candlepin itself. This bug looks largely like a dupe of: https://bugzilla.redhat.com/show_bug.cgi?id=824581 which we have as VERIFIED. If QE wants to re-test this go ahead.
this is also blocked by: https://bugzilla.redhat.com/show_bug.cgi?id=834125
Talk to Og and are going to close this as a dupe *** This bug has been marked as a duplicate of bug 824581 ***