[Spacewalk-list] GPG key hosted on the spacewalk server via HTTP fails

Amedeo Salvati amedeo at oscert.net
Mon Sep 8 12:20:36 UTC 2014


   You can write a bootstrap script that imports the key / keys before registering to the Spacewalk server:
   rpm --import http://SPACEWALK.FQDN.COM/pub/KEY1
   ...
   rpm --import http://SPACEWALK.FQDN.COM/pub/KEYX
   Best regards,
   a

   From: spacewalk-list-bounces at redhat.com
   To: spacewalk-list at redhat.com
   Cc:
   Date: Mon, 8 Sep 2014 13:49:29 +0200
   Subject: Re: [Spacewalk-list] GPG key hosted on the spacewalk server via HTTP fails

   > Nicolas Michel wrote:
   > % Hi,
   > %
   > % I'm starting to try spacewalk (21). I configured the epel repository. When
   > % trying to install some packages on the client OS configured with the
   > % spacewalk repositories, it fails saying it can't find the GPG key:
   > % warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID
   > % 0608b895: NOKEY
   > %
   > %
   > % Public key for jabberpy-0.5-0.21.el6.noarch.rpm is not installed
   > %
   > % I found the GPG here:
   > % http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 and copied it on my
   > % spacewalk server in /var/www/html/pub. So the URL is
   > % https://my_spacewalk_server/pub/RPM-GPG-KEY-EPEL-6 (I can see it with my
   > % browser so it is reachable).
   > %
   > % Then on spacewalk I set up the:
   > % - GPG key URL: https://my_spacewalk_server/pub/RPM-GPG-KEY-EPEL-6
   > % - GPG key ID: 0608B895
   > % - GPG key Fingerprint: 8C3B E96A F230 9184 DA5C 0DAE 3B49 DF2A 0608 B895
   > %
   > % When trying to re-install the package, it still fails.
   > %
   > % BUT, if I copy the key to the client server in
   > % /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
   > % AND set up the spacewalk channel "GPG key URL" to
   > % file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
   > % THEN it works:
   > %
   > % warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID
   > % 0608b895: NOKEY
   > % Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
   > % Importing GPG key 0x0608B895:
   > % Userid: "EPEL (6) "
   > % From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
   > % Is this ok [y/N]: n
   > %
   > % => why? Can't we import gpg key from HTTP? Will I need to copy the GPG key
   > % on each client?
   >
   > For security reasons - you can't really trust the signature if
   > you download both rpm and key from the same source.
   > https://www.redhat.com/archives/spacewalk-list/2012-January/msg00193.html
   >
   > Regards,
   >
   > --
   > Michael Mráka
   > Satellite Engineering, Red Hat
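
The bootstrap approach suggested above, combined with the trust concern raised in the quoted reply, as an added example that is not part of the original thread: the script imports a key fetched from the Spacewalk server only if its full fingerprint equals a value pinned in the script, here the EPEL 6 fingerprint quoted in the thread. The function names are hypothetical, and curl and gpg are assumed to be present on the client.

```shell
#!/bin/sh
# Added example: import a repo key in a bootstrap script only if its
# fingerprint matches a value pinned in the script itself.
# Function names are hypothetical; curl and gpg are assumed to be installed.

# Fingerprint quoted in the thread for the EPEL 6 key.
PINNED_FPR="8C3B E96A F230 9184 DA5C 0DAE 3B49 DF2A 0608 B895"

# Strip whitespace and upper-case so differently formatted values compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'a-f' 'A-F'
}

# Succeeds only for a full 40-hex-digit fingerprint equal to the pinned one.
# A short key ID (e.g. 0608B895) is rejected: it is too short to pin a key.
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(normalize_fpr "$2")
    case "$got" in
        *[!0-9A-F]*|'') return 1 ;;
    esac
    [ "${#got}" -eq 40 ] && [ "$want" = "$got" ]
}

# Pick the primary-key fingerprint (first "fpr" record, field 10) out of
# gpg --with-colons output read from stdin.
first_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Download the key, check it against the pin, and import it only on a match.
import_pinned_key() {
    url=$1; pinned=$2
    tmp=$(mktemp) || return 1
    curl -fsS -o "$tmp" "$url" || { rm -f "$tmp"; return 1; }
    actual=$(gpg --with-colons --with-fingerprint "$tmp" 2>/dev/null | first_fpr)
    if fpr_matches "$pinned" "$actual"; then
        rpm --import "$tmp"; rc=$?
    else
        echo "refusing to import $url: fingerprint mismatch" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Runs only when a key URL is passed as the first argument.
if [ "$#" -gt 0 ]; then
    import_pinned_key "$1" "$PINNED_FPR"
fi
```

The pin only helps if the script reaches the client by a path other than the server that serves the key and the packages, and if the pinned value was itself checked against the key's publisher.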
