[Spacewalk-list] GPG key hosted on the spacewalk server via HTTP fails
Michael Mraka
michael.mraka at redhat.com
Mon Sep 8 11:49:29 UTC 2014
Nicolas Michel wrote:
% Hi,
%
% I'm starting to try spacewalk (21). I configured the epel repository. When
% trying to install some packages on the client OS configured with the
% spacewalk repositories, it fails saying it can't find the GPG key:
% warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID
% 0608b895: NOKEY
%
%
% Public key for jabberpy-0.5-0.21.el6.noarch.rpm is not installed
%
% I found the GPG here :
% http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 and copied it on my
% spacewalk server in /var/www/html/pub. So the URL is
% https://my_spacewalk_server/pub/RPM-GPG-KEY-EPEL-6 (I can see it with my
% browser so it is reachable).
%
% Then on spacewalk I setup the:
% - GPG key URL:*https://*my_spacewalk_server*/pub/RPM-GPG-KEY-EPEL-6*
% - GPG key ID: *0608B895*
% - GPG key Fingerprint: *8C3B E96A F230 9184 DA5C 0DAE 3B49 DF2A 0608 B895*
%
% When trying to re-install the package, it still fails.
%
% BUT, if I copy the key to the client serveur in
% /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
% AND setup the spacewalk channel "GPG key URL" to
% file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
% THEN it works:
%
% warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID
% 0608b895: NOKEY
% Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
% Importing GPG key 0x0608B895:
% Userid: "EPEL (6) <epel at fedoraproject.org>"
% From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
% Is this ok [y/N]: n
%
% => why? Can't we import gpg key from HTTP? Will I need to copy the GPG key
% on each client?
For security reasons - you can't really trust signature if
you download both rpm and key from the same source.
https://www.redhat.com/archives/spacewalk-list/2012-January/msg00193.html
Regards,
--
Michael Mráka
Satellite Engineering, Red Hat
More information about the Spacewalk-list
mailing list