[Spacewalk-list] spacewalk client not seeing signed rpms, or Public key not installed error

Mon Apr 11 14:13:41 UTC 2011

Issue resolved.  A typo in the GPG key URL destination of my personal 
repository was the cause.  Method of gpg
key generation and key reassignment appears working.

Sorry for the error.

Janet Houser wrote:
> Hi,
>
> I'm a newbie and just installed spacewalk on my centos 5.5 server.  I 
> chose to install the software with the postgres,
> rather than oracle, database.
>
> I've followed the install instructions on this link:
>
> http://wiki.centos.org/HowTos/PackageManagement/Spacewalk
>
> deviating only slightly to make changes for postgres instead of 
> oracle.  Instructions were taken from the
> following pages:
>
> https://fedorahosted.org/spacewalk/wiki/HowToInstall12
> https://fedorahosted.org/spacewalk/wiki/PostgreSQLServerSetup
> https://fedorahosted.org/spacewalk/wiki/HowToInstall11
> https://fedorahosted.org/spacewalk/wiki/PostgreSQL
>
> Per the instructions I installed and synced the CentOS5 base, update 
> and spacewalk client channels.  I also
> setup a client machine and was able to yum install a package from the 
> CentOS Base repository on my spacewalk
> server.
>
> I need to keep separate yum repositories for a few systems who require 
> specialized rpm installations.  Following
> the links above, I tried to create a personal yum repository channel 
> and "sign" the files with my own generated
> gpg key  (I  also imported this key on my client machine).
>
> However, when I try to do a "yum install xxdiff" (and example of an 
> extra rpm found outside the base repository)
> I get the error:  Public key for xxdiff-3.2-12.0.cf.rhel5.i386.rpm is 
> not installed.  I tried to import another rpm
> without doing a "gpg --resign" on it prior to installation and 
> recieved the error "Package nxclient-3.4.0-7.i386.rpm is not signed".
>
> I tried resigning the xxdiff rpm and got the error:  "warning: 
> xxdiff-3.2-12.0.cf.rhel5.i386.rpm: was already signed by key ID 
> da5485bc, skipping"
> so I know the rpm is signed, and it looks like it is by the correct 
> gpg key that I created using the command "gpg --gen-key".   The key
> was exported and then rpm --import -ed  to my server.  It shows up in 
> the gpg --list-keys command.
>
> It seems as though the issue is on the client side, but I can't be 
> sure.  When I try to do a "yum install xxdiff", along with the public key
> error, I also get the error:
>
>   warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 
> b56a8bac
>
> For some reason, it is seeing a different key for the package.
> Instead of a yum install, I tried to schedule an install from the 
> spacewalk server to the client.  A push instead of a pull process.
> The install failed.  A "rhn_check -vvvvvv" on the client showed the 
> following error:
> -------
> warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 
> b56a8bac
> D: May free Score board((nil))
> D: Sending back response ((6,), 'Error while executing packages 
> action: Public key for xxdiff-3.2-12.0.cf.rhel5.i386.rpm is not 
> installed', {})
> XMLRPC ProtocolError: <ProtocolError for mymachine /XMLRPC: 500 
> Internal Server Error>
> -------
>
> I know I'm doing some basic newbie error, but I'm not sure what it 
> is.  BTW, the command "rpm -q gpg-pubkey"  on both
> the client and server show the repository key I created is installed.  
> It seems I am missing a critical step when I setup my
> own repository.
>
>
> I'm wondering if I have a bigger problem with my installation and it 
> is manifesting itself with the client.  When I initially
> login to the server with my created "admin" password, I always get two 
> https errors.  After I close the error boxes, I'm
> presented with the Overview page.  I don't see any obvious errors in 
> the httpd ssl logs.
>
> If someone could direct me to some configuration examples or readmes 
> on how to set up a personal repository using
> spacewalk, I'd be grateful.
> thanks.  sorry for the length of the post.