[Spacewalk-list] Channel GPG information

Snyder, Chris Chris_Snyder at sra.com
Fri Nov 30 13:13:15 UTC 2012


I knew that GPG defs associated with a Kickstart profile are available during the kickstart process, but I was asking about the ones associated with a *software channel*. If you go look at a channel definition, not a kickstart profile.  Go review a software channel definition and you'll see where you can define a channel-specific GPG Key URL, ID, and Fingerprint.    That's what I'm really asking about.    When/Where are THOSE used?  Is it possibly that if a client is registitered with a channel it's automatically gets that GPG key?  (That would really be cool.)

As for  why are GPG keys not associated with a repository definition, I was referring to those repos defined with a software channel, see 'Channels > Manage Software Channels > *some channel* > Repositories.  To me, it would make a hell of a lot more sense to have each of those repo records have GPG information and then when you relate a repo to a channel, that channel automatically have access/knowledge of the GPG for all related repos.  So I'm just confused why Spacewalk is designed the way it is, as I don't see why each channel has a single GPG definition as part of the core channel information, but the ability to relate to multiple repos, of which I think it would be safe to assume under normal circumstances,  each would need a different GPG key.

Thx
Gopher.

-----Original Message-----
From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Fran Garcia
Sent: Wednesday, November 28, 2012 1:53 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] Channel GPG information

On Wed, Nov 28, 2012 at 1:42 PM, Snyder, Chris wrote:
> A Channel definition has a 'Security: GPG' section which contains the GPG
> Key URL, ID, and Fingerprint.
>
> When/where does this information get used within Spacewalk?  Does Spacewalk
> automatically make this key available to any client system that registers
> with this channel?

It's used in the Kickstart post-installation phase. Once the system is
installed, it's fed all the GPG/SSL certificates that you've attached
to your kickstart.

This enables complaint-less installation of non-RH RPMs (ie: home-made
or vendor provided).


> Oh, and why are GPG keys NOT associated with a repository definition?  This
> would make the most sense to me versus having them related to a channel or
> kickstart profile.

If I understand correctly, you might or might not have (external)
repositories. Repos are only used to fetch external content (ie:
EPEL), and pushed into a local channel. Your standard way of
provisioning software will be create a channel and rhnpush your RPMs
into it, not fetch from an external source.

But I might be wrong, so any corrections will be appreciated :-)

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list




More information about the Spacewalk-list mailing list