[Spacewalk-list] Issues with SLES 11 SP3 - NOKEY and Support level

Will, Chris CWill at bcbsm.com
Mon Oct 12 14:59:42 UTC 2015 

Thanks for your help.  So I can assume that when I issue the rpm -qip xxx command on the spacewalk server, it will always show the NOKEY.  Which key should be copied/imported to the client?  I have a few in the /pub directory.

RHN-ORG-TRUSTED-SSL-CERT-SUSE
RHN-ORG-TRUSTED-SSL-CERT-SLES <- This is the one I copied from Novell.

RHN-ORG-TRUSTED-SSL-CERT

Chris Will

-----Original Message-----
From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Reed, Steven
Sent: Saturday, October 10, 2015 8:59 AM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] Issues with SLES 11 SP3 - NOKEY and Support level

Mattias is correct when used with spacewalk zypper uses the --no-gpgkeys option.  Remove the gpg info.

-----Original Message-----
From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Mattias Giese
Sent: Saturday, 10 October 2015 8:17 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] Issues with SLES 11 SP3 - NOKEY and Support level

Heya,

On 09/10/15 14:10:09, Will, Chris wrote:
> Hello,
>
> I have the following issue when I try to update my SLES 11 SP3 servers.
>
> The following packages are going to be upgraded:
>   inst-source-utils libgcrypt11 libgcrypt11-32bit libicu libmysqlclient_r15 spacewalk-check spacewalk-client-setup
>   spacewalk-client-tools spacewalksd zypp-plugin-spacewalk
>
> The following packages are not supported by their vendor:
>   inst-source-utils libgcrypt11 libgcrypt11-32bit libicu libmysqlclient_r15 spacewalk-check spacewalk-client-setup
>   spacewalk-client-tools spacewalksd zypp-plugin-spacewalk
>
> When I list the RPM packages with rpm -qip xxxxx I get the following output.
>
> php53-sysvshm-5.3.17-45.1.s390x.rpm
> [root at rhelspacedev1 4bbe516c1893601f2f8015845a646094]# rpm -qip 
> php53-sysvshm-5.3.17-45.1.s390x.rpm
> warning: php53-sysvshm-5.3.17-45.1.s390x.rpm: Header V3 RSA/SHA256 Signature, key ID 307e3d54: NOKEY
> Name        : php53-sysvshm                Relocations: (not relocatable)
> Version     : 5.3.17                            Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
> Release     : 45.1                          Build Date: Wed 29 Jul 2015 04:37:43 AM EDT
> Install Date: (not installed)               Build Host: s390lp5
> Group       : Development/Languages/Other   Source RPM: php53-5.3.17-45.1.src.rpm
> Size        : 14849                            License: PHP-3.01
> Signature   : RSA/8, Tue 01 Sep 2015 12:58:36 AM EDT, Key ID e3a5c360307e3d54
> Packager    : https://www.suse.com/
> URL         : http://www.php.net
> Summary     : PHP5 Extension Module
> Description :
> PHP interface for System V shared memory.
>
> Authors: The PHP Group See http://www.php.net/credits.php for more 
> details

You have not imported the gpg keys an the system itself (using rpm
--import)
>
> I also have the GPG key URL, GPG key ID and GPG key Fingerprint fields filled in.  I can successfully mirror channels but not sure why I am getting the above errors.

I find it kinda interesting that repository refreshing itself works. For SUSE systems you should not configure any GPG settings for a channel, because it will IIRC cause the spacewalk plugin for zypper to turn on gpg checking globally (for repo metadata and packages). As spacewalk cannot sign repository metadata zypper shoulld refuse to do anything at all. zypper will turn off gpg checking if you remove the gpg info from the channel and it should work for you. This is also the default with SUSE Manager.

Regards,

Mattias

--
Mattias Giese
System Management & Monitoring Architect

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537

This email (including any attachments) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee(s). If you have received this email in error, please notify the sender by return email, delete this email and destroy any copy. Any use, distribution, disclosure or copying of this email by a person who is not the intended recipient is not authorised.

Views expressed in this email are those of the individual sender, and are not necessarily the views of Transport for NSW, Department of Transport or any other NSW government agency. Transport for NSW and the Department of Transport assume no liability for any loss, damage or other consequence which may arise from opening or using an email or attachment.
Please visit us at http://www.transport.nsw.gov.au or http://www.transportnsw.info

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list


The information contained in this communication is highly confidential and is intended solely for the use of the individual(s) to whom this communication is directed. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. Please notify the sender, by electronic mail or telephone, of any unintended receipt and delete the original message without making any copies.
 
 Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association.

More information about the Spacewalk-list mailing list