Red Hat Bugzilla – Bug 845976
custom content gpg public key import necessary on client side
Last modified: 2012-08-09 09:02:35 EDT
Created attachment 602484
Description of problem:
Having created a custom gpg protected repository with signed custom content and having uploaded the respective public key, the client has to agree to the gpg key import. This isn't the case with Red Hat content.
Version-Release number of selected component (if applicable):
1 of 1
Steps to Reproduce:
1. create a custom repository, protected with entitlement and gpg
2. allow Red Hat and custom content within the custom repository and provide respective custom public gpg key
3. upload custom content signed with respective private gpg key
4. create client entitlement certificate and configuration rpm and apply the configuration on the client
5. install the custom content on the client---gpg key import confirmation required
6. install the Red Hat content on the client---no gpg key import confirmation required
Actual results:
Explicit gpg public key import confirmation required for custom content
Expected results:
custom signed content installs without explicit gpg public key import confirmation
- see the screen log attached
The Red Hat gpg key is imported as part of the OS installation of first yum transaction. Customers using their own gpg keys would have to have that key already installed. I believe the common understanding would be that this is part of a "typical gpg key process" and not have to call it out in any rhui documentation.
To the best of my knowledge there is *no* way to meet these expected results w/o the client already prepped w/ the custom gpg key.
Customers would have to follow something similar to:
The public gpg keys being distributed within the client configuration rpm, they could be imported during the post-install script execution as well.
But if that isn't required, no problem with me.
The clients should have to confirm the gpg key import if the cloud provider hasn't set up their images to have the key automatically imported.
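An added example (not from this bug report and not RHUI code) of the key-import step suggested in the thread for the configuration rpm's post-install script: it passes only regular, ASCII-armored public key files from a directory to `rpm --import`. The function name, the `RPM_CMD` override and the key directory mentioned in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: key-import step that a post-install script could call.
# RPM_CMD is a hypothetical override so the function can be exercised
# without touching the real rpm keyring; it defaults to the real rpm.
RPM_CMD=${RPM_CMD:-rpm}

# import_repo_keys DIR
# Imports every acceptable public key file found directly under DIR.
# Prints the number of keys imported; returns non-zero if any import failed.
import_repo_keys() {
    key_dir=$1
    imported=0
    failed=0
    for key in "$key_dir"/*; do
        # Accept only regular, non-empty files. Symlinks are skipped so a
        # script running as root is not redirected to an arbitrary path.
        [ -f "$key" ] && [ ! -L "$key" ] && [ -s "$key" ] || continue
        # Accept only ASCII-armored public keys; ignore anything else.
        grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$key" || continue
        if "$RPM_CMD" --import "$key"; then
            imported=$((imported + 1))
        else
            failed=$((failed + 1))
        fi
    done
    echo "$imported"
    [ "$failed" -eq 0 ]
}

# Assumed call from the post-install script (directory is an assumption):
#   import_repo_keys /etc/pki/rpm-gpg
```

Importing the key this way removes the interactive confirmation, so trust in the custom key then rests on how the configuration rpm itself was delivered and verified.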