[Spacewalk-list] Spacewalk client RPMs are not signed !?

Jan Pazdziora jpazdziora at redhat.com
Wed Jan 4 08:03:27 UTC 2012


On Tue, Jan 03, 2012 at 03:29:38PM -0800, James Fillman wrote:
> I'm setting up my Spacewalk server to support CentOS6 servers. I've created a new base channel for CentOS6 along with child channels for extras, updates, and Spacewalk client RPMs. I've just discovered that none of the Spacewalk client RPMs are signed! The old client RPMs I have in my CentOS 5 channel are signed. Unsigned RPMs are going to cause problems when kickstarting and installing new packages through Spacewalk.
> 
> I'm grabbing the client RPMs from here:
> 
> Am I missing something? Shouldn't these files need to be signed if they are to be used within a Spacewalk channel? I don't like the idea of my CentOS servers using any other source for RPMs other than Spacewalk.
> 

You missed the chance to tell us the URL from which you are getting
the rpms. :-)

When I look at the 1.6-client repo and pick one rpm at random, I get

	$ rpm -qp --nosignature --qf '%{SIGGPG:pgpsig}\n' http://spacewalk.redhat.com/yum/1.6-client/RHEL/6/x86_64/spacewalk-certs-tools-1.6.7-1.el6.noarch.rpm
	DSA/SHA1, Thu 22 Dec 2011 12:02:29 PM CET, Key ID ed635379b3892132

So the package is signed alright with key b3892132. Which is exactly
the http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk-2010 key.

-- 
Jan Pazdziora
Principal Software Engineer, Satellite Engineering, Red Hat
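
An added example, not part of the original message: a shell helper that applies the same key ID check to a whole directory of packages before they are pushed into a channel. It assumes the query is widened to print both `SIGPGP` (RSA) and `SIGGPG` (DSA), since an RSA-signed package shows `(none)` under `SIGGPG` alone; the function names and all sample lines except the first signature are constructed.

```shell
#!/bin/sh
# Input lines are expected in the form produced by:
#   rpm -qp --nosignature --qf '%{NAME}|%{SIGPGP:pgpsig}|%{SIGGPG:pgpsig}\n' *.rpm
# An absent signature tag is printed by rpm as "(none)".

# classify_sig LINE TRUSTED_KEYID
# Prints: trusted | untrusted-key | unsigned | unparsed
classify_sig() {
    sigs=${1#*|}                          # drop the package name field
    case $sigs in
        "(none)|(none)") echo unsigned; return ;;
    esac
    # rpm prints the 64-bit key ID as 16 hex digits after "Key ID"
    keyid=$(printf '%s\n' "$sigs" |
        sed -n 's/.*Key ID \([0-9A-Fa-f]\{16\}\).*/\1/p' | tr 'A-F' 'a-f')
    [ -n "$keyid" ] || { echo unparsed; return; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Suffix match lets the caller pass the short ID (as in the message)
    # or the full 16-digit ID; the full ID is the safer choice.
    case $keyid in
        *"$want") echo trusted ;;
        *)        echo untrusted-key ;;
    esac
}

# report TRUSTED_KEYID: read query lines on stdin, print "name status"
report() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s %s\n' "${line%%|*}" "$(classify_sig "$line" "$1")"
    done
}

# Constructed sample; only the first signature string comes from the message.
SAMPLE='spacewalk-certs-tools|(none)|DSA/SHA1, Thu 22 Dec 2011 12:02:29 PM CET, Key ID ed635379b3892132
example-unsigned|(none)|(none)
example-otherkey|RSA/SHA256, Mon 02 Jan 2012 10:00:00 AM CET, Key ID 0123456789abcdef|(none)'

printf '%s\n' "$SAMPLE" | report b3892132
```

This only reads the key ID recorded in each package and does not verify the signature cryptographically; for that, import the public key into the rpm database and run `rpm -K` on the files.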



