[Spacewalk-list] GPG key hosted on the spacewalk server via HTTP fails

Nicolas Michel be.nicolas.michel at gmail.com
Mon Sep 8 12:27:11 UTC 2014


Especially as the input box is named "gpg URL". It would be more clear that
a local file is required.

2014-09-08 14:25 GMT+02:00 Nicolas Michel <be.nicolas.michel at gmail.com>:

> Thank you!
>
> It would be a good idea either to generate an error with that explanation
> somewhere in the log or even put a text tip below the input box of the "GPG
> URL" to inform users.
> Because currently, no doc, no traces, nothing. I just do nothing except
> that failure indicating it misses the key.
>
>
> 2014-09-08 13:49 GMT+02:00 Michael Mraka <michael.mraka at redhat.com>:
>
>> Nicolas Michel wrote:
>> % Hi,
>> %
>> % I'm starting to try spacewalk (21). I configured the epel repository. When
>> % trying to install some packages on the client OS configured with the
>> % spacewalk repositories, it fails saying it can't find the GPG key:
>> %     warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
>> %
>> %
>> %     Public key for jabberpy-0.5-0.21.el6.noarch.rpm is not installed
>> %
>> % I found the GPG here:
>> % http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 and copied it on my
>> % spacewalk server in /var/www/html/pub. So the URL is
>> % https://my_spacewalk_server/pub/RPM-GPG-KEY-EPEL-6 (I can see it with my
>> % browser so it is reachable).
>> %
>> % Then on spacewalk I setup the:
>> % - GPG key URL: https://my_spacewalk_server/pub/RPM-GPG-KEY-EPEL-6
>> % - GPG key ID: 0608B895
>> % - GPG key Fingerprint: 8C3B E96A F230 9184 DA5C  0DAE 3B49 DF2A 0608 B895
>> %
>> % When trying to re-install the package, it still fails.
>> %
>> % BUT, if I copy the key to the client server in
>> % /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
>> % AND setup the spacewalk channel "GPG key URL" to
>> % file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
>> % THEN it works:
>> %
>> % warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
>> % Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
>> % Importing GPG key 0x0608B895:
>> %  Userid: "EPEL (6) <epel at fedoraproject.org>"
>> %  From  : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
>> % Is this ok [y/N]: n
>> %
>> % => why? Can't we import gpg key from HTTP? Will I need to copy the GPG key
>> % on each client?
>>
>> For security reasons - you can't really trust signature if
>> you download both rpm and key from the same source.
>> https://www.redhat.com/archives/spacewalk-list/2012-January/msg00193.html
>>
>>
>> Regards,
>>
>> --
>> Michael Mráka
>> Satellite Engineering, Red Hat
>>
>
>
>
> --
> Nicolas MICHEL
>



-- 
Nicolas MICHEL
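
The concern in the quoted reply, shown as an added example that is not part of the original thread: compare a key file's fingerprint with a value obtained separately before importing it on a client. The function names and the sample listing are constructed for illustration, and `gpg --show-keys` assumes GnuPG 2.2 or later.

```shell
#!/bin/sh
# Added example (not from the thread): import a repository key only when its
# fingerprint matches a value pinned from an independent source.

# Fingerprint as quoted in the thread; confirm it out of band before pinning.
EXPECTED_FPR='8C3B E96A F230 9184 DA5C  0DAE 3B49 DF2A 0608 B895'

# Constructed sample of `gpg --with-colons` output (dates and flags made up).
SAMPLE_LISTING='pub:-:4096:1:3B49DF2A0608B895:1272000000:::-:::scESC:
fpr:::::::::8C3BE96AF2309184DA5C0DAE3B49DF2A0608B895:
uid:-::::1272000000::::EPEL (6) <epel@fedoraproject.org>:'

# Strip whitespace and an optional 0x prefix, then upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Read a colon listing on stdin and print the primary key fingerprint,
# which is field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only if the listing on stdin carries the expected fingerprint.
# An empty or unparsable listing is treated as a mismatch.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    actual=$(normalize_fpr "$(primary_fpr)")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# verify_and_import KEYFILE FINGERPRINT (hypothetical helper)
# Runs `rpm --import` only after the fingerprint check passes.
verify_and_import() {
    keyfile=$1
    if gpg --show-keys --with-colons "$keyfile" 2>/dev/null | fpr_matches "$2"; then
        rpm --import "$keyfile"
    else
        echo "fingerprint mismatch for $keyfile, not importing" >&2
        return 1
    fi
}

# Typical call on a client, after copying the key file there:
#   verify_and_import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 "$EXPECTED_FPR"
```

The pinned fingerprint has to come from a channel other than the server that delivers the packages and the key file; otherwise the check compares the source against itself.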