845976 – custom content gpg public key import necessary on client side

Bug 845976 - custom content gpg public key import necessary on client side

Summary: custom content gpg public key import necessary on client side

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Update Infrastructure for Cloud Providers
Classification:	Red Hat
Component:	RHUA
Sub Component:
Version:	2.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	James Slagle
QA Contact:	mkovacik
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-08-06 11:08 UTC by mkovacik
Modified:	2012-08-09 13:02 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-08-09 13:02:35 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Screen log (38.02 KB, text/plain) 2012-08-06 11:08 UTC, mkovacik	no flags	Details
View All

Description mkovacik 2012-08-06 11:08:17 UTC

Created attachment 602484 [details]
Screen log

Description of problem:
Having created a custom gpg protected repository with a signed custom content and having uploaded respective public key, client has to agree on gpg key import. This isn't the case with Red Hat content. 

Version-Release number of selected component (if applicable):
RHEL-6.3-RHUI-2.1-20120801.0-Server-x86_64-DVD1.iso

How reproducible:
1 of 1


Steps to Reproduce:
1. create a custom repository, protected with entitlement and gpg
2. allow Red Hat and custom content within the custom repository and provide respective custom public gpg key
3. upload custom content signed with respective private gpg key
4. create client entitlement certificate and configuration rpm and apply the configuration on the client
5. install the custom content on the client---gpg key import confirmation required
6. install the Red Hat content on the client---no gpg key import confirmation required
  
Actual results:
Explicit gpg public key import confirmation required for custom content

Expected results:
custom signed content installs without explicit gpg public key import confirmation
 
Additional info:
 - https://tcms.engineering.redhat.com/case/191046/?from_plan=6870
 - see the screen log attached

Comment 1 wes hayutin 2012-08-06 14:15:29 UTC

The Red Hat gpg key is imported as part the os installation of first yum transaction.  Customers using their own gpg keys would have to have that key already installed.  I believe the common understanding would be that this is part of a  "typical gpg key process" and not have to call it out in any rhui documentation.

To the best of my knowledge there is *no* way to meet these expected results w/o the client already prepped w/ the custom gpg key.

Customers would have to follow something similar to:
http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/5.0/html/Client_Configuration_Guide/ch-gpg-keys.html

Comment 2 mkovacik 2012-08-07 05:34:02 UTC

The public gpg keys being distributed within the client configuration rpm, they could be imported during the post-install script execution as well.
But if that isn't required, no problem with me.

Comment 3 James Slagle 2012-08-09 13:02:35 UTC

The clients should have to confirm the gpg key import if the cloud provider hasn't set up their images to have the key automatically imported.

Note You need to log in before you can comment on or make changes to this bug.