<div class="xam_msg_class"> you can write a bootstrap script that import the key / keys before registering to spacewalk server:<br /><br />rpm --import http://SPACEWALK.FQDN.COM/pub/KEY1<br />...<br />rpm --import http://SPACEWALK.FQDN.COM/pub/KEYX<br /><br />best regards<br />a<br /><br /> <div><span style="font-family:Arial; font-size:11px; color:#5F5F5F;">Da</span><span style="font-family:Arial; font-size:12px; color:#5F5F5F; padding-left:5px;">: spacewalk-list-bounces@redhat.com</span></div> <div><span style="font-family:Arial; font-size:11px; color:#5F5F5F;">A</span><span style="font-family:Arial; font-size:12px; color:#5F5F5F; padding-left:5px;">: spacewalk-list@redhat.com</span></div> <div><span style="font-family:Arial; font-size:11px; color:#5F5F5F;">Cc</span><span style="font-family:Arial; font-size:12px; color:#5F5F5F; padding-left:5px;">: </span></div> <div><span style="font-family:Arial; font-size:11px; color:#5F5F5F;">Data</span><span style="font-family:Arial; font-size:12px; color:#5F5F5F; padding-left:5px;">: Mon, 8 Sep 2014 13:49:29 +0200</span></div> <div><span style="font-family:Arial; font-size:11px; color:#5F5F5F;">Oggetto</span><span style="font-family:Arial; font-size:12px; color:#5F5F5F; padding-left:5px;">: Re: [Spacewalk-list] GPG key hosted on the spacewalk server via HTTP fails</span></div> <br /> <div>> Nicolas Michel wrote:</div><div>> % Hi,</div><div>> % </div><div>> % I'm starting to try spacewalk (21). I configured the epel repository. When</div><div>> % trying to install some packages on the client OS configured with the</div><div>> % spacewalk repositories, it fails saying it can't find the GPG key:</div><div>> % warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID</div><div>> % 0608b895: NOKEY</div><div>> % </div><div>> % </div><div>> % Public key for jabberpy-0.5-0.21.el6.noarch.rpm is not installed</div><div>> % </div><div>> % I found the GPG here :</div><div>> % http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 and copied it on my</div><div>> % spacewalk server in /var/www/html/pub. So the URL is</div><div>> % https://my_spacewalk_server/pub/RPM-GPG-KEY-EPEL-6 (I can see it with my</div><div>> % browser so it is reachable).</div><div>> % </div><div>> % Then on spacewalk I setup the:</div><div>> % - GPG key URL:*https://*my_spacewalk_server*/pub/RPM-GPG-KEY-EPEL-6*</div><div>> % - GPG key ID: *0608B895*</div><div>> % - GPG key Fingerprint: *8C3B E96A F230 9184 DA5C 0DAE 3B49 DF2A 0608 B895*</div><div>> % </div><div>> % When trying to re-install the package, it still fails.</div><div>> % </div><div>> % BUT, if I copy the key to the client serveur in</div><div>> % /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6</div><div>> % AND setup the spacewalk channel "GPG key URL" to</div><div>> % file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6</div><div>> % THEN it works:</div><div>> % </div><div>> % warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID</div><div>> % 0608b895: NOKEY</div><div>> % Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6</div><div>> % Importing GPG key 0x0608B895:</div><div>> % Userid: "EPEL (6) <epel@fedoraproject.org>"</epel@fedoraproject.org></div><div>> % From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6</div><div>> % Is this ok [y/N]: n</div><div>> % </div><div>> % => why? Can't we import gpg key from HTTP? Will I need to copy the GPG key</div><div>> % on each client?</div><div>> </div><div>> For security reasons - you can't really trust signature if</div><div>> you download both rpm and key from the same source.</div><div>> https://www.redhat.com/archives/spacewalk-list/2012-January/msg00193.html</div><div>> </div><div>> </div><div>> Regards,</div><div>> </div><div>> --</div><div>> Michael Mráka</div><div>> Satellite Engineering, Red Hat</div><div>> </div><div>> _______________________________________________</div><div>> Spacewalk-list mailing list</div><div>> Spacewalk-list@redhat.com</div><div>> https://www.redhat.com/mailman/listinfo/spacewalk-list</div> </div>