Bug 845976 - custom content gpg public key import necessary on client side
custom content gpg public key import necessary on client side
Status: CLOSED NOTABUG
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: RHUA (Show other bugs)
2.1
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: James Slagle
mkovacik
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-06 07:08 EDT by mkovacik
Modified: 2012-08-09 09:02 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-08-09 09:02:35 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Screen log (38.02 KB, text/plain)
2012-08-06 07:08 EDT, mkovacik
no flags Details

  None (edit)
Description mkovacik 2012-08-06 07:08:17 EDT
Created attachment 602484 [details]
Screen log

Description of problem:
Having created a custom gpg protected repository with a signed custom content and having uploaded respective public key, client has to agree on gpg key import. This isn't the case with Red Hat content. 

Version-Release number of selected component (if applicable):
RHEL-6.3-RHUI-2.1-20120801.0-Server-x86_64-DVD1.iso

How reproducible:
1 of 1


Steps to Reproduce:
1. create a custom repository, protected with entitlement and gpg
2. allow Red Hat and custom content within the custom repository and provide respective custom public gpg key
3. upload custom content signed with respective private gpg key
4. create client entitlement certificate and configuration rpm and apply the configuration on the client
5. install the custom content on the client---gpg key import confirmation required
6. install the Red Hat content on the client---no gpg key import confirmation required
  
Actual results:
Explicit gpg public key import confirmation required for custom content

Expected results:
custom signed content installs without explicit gpg public key import confirmation
 
Additional info:
 - https://tcms.engineering.redhat.com/case/191046/?from_plan=6870
 - see the screen log attached
Comment 1 wes hayutin 2012-08-06 10:15:29 EDT
The Red Hat gpg key is imported as part the os installation of first yum transaction.  Customers using their own gpg keys would have to have that key already installed.  I believe the common understanding would be that this is part of a  "typical gpg key process" and not have to call it out in any rhui documentation.

To the best of my knowledge there is *no* way to meet these expected results w/o the client already prepped w/ the custom gpg key.

Customers would have to follow something similar to:
http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/5.0/html/Client_Configuration_Guide/ch-gpg-keys.html
Comment 2 mkovacik 2012-08-07 01:34:02 EDT
The public gpg keys being distributed within the client configuration rpm, they could be imported during the post-install script execution as well.
But if that isn't required, no problem with me.
Comment 3 James Slagle 2012-08-09 09:02:35 EDT
The clients should have to confirm the gpg key import if the cloud provider hasn't set up their images to have the key automatically imported.

Note You need to log in before you can comment on or make changes to this bug.