[Spacewalk-list] [EXTERNAL] Re: [External Sender] Re: missing public key

Peirce, Dean Dean.Peirce at cengage.com
Mon Feb 24 20:30:16 UTC 2020


Hi Larry,

I think Stefan is on the right track… Check which keys you actually have installed on the client(s) with:

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

Hopefully that will help narrow it down.

—Dean

On Feb 24, 2020, at 3:17 PM, Stefan Bluhm <redhat.com at bluhm-de.com> wrote:

Hello Larry,

note that there is a client and server pubkey.gpg. Maybe you mixed them up?

The key on the client is independent from the server. It is matched to the original package source.

The only things I can think of are
1) that you installed the wrong key to the clients,
2) you pushed the keys to the client but you did not import them (rpm --import pubkey.gpg)
3) maybe place the key folder path into the corresponding channel field (this is local to the client, where the client would find the file on the HDD)

Maybe somebody else has different ideas.

Best wishes,

Stefan


________________________________
From: "Larry Clegg" <lclegg at kyriba.com>
To: "spacewalk-list" <spacewalk-list at redhat.com>
Sent: Monday, 24 February 2020 21:09:33
Subject: Re: [Spacewalk-list] [External Sender] Re:  missing public key

The client was originally provisioned against a Centos6/Spacewalk 2.8 server.  I did the standard client install of the rpms, etc as documented in the client installation guide.
Since then the 2.8 Spacewalk Server was rebuilt from scratch using Centos 7 and Spacewalk 2.9 and all the clients re-registered.

The SW channels are created on the server using the  spacewalk-common-channels command like this:  /usr/bin/spacewalk-common-channels -u <user> -p <pass> -a x86_64 spacewalk29-client-centos6

I have noticed that the gpg key generated in the SW channel for the 2.9 client looks like this:

GPG key URL: https://copr-be.cloud.fedoraproject.org/results/@spacewalkproject/spacewalk-2.9-client/pubkey.gpg
GPG key ID: 9BD837BA
GPG key Fingerprint: A353 22CF 3B3F 9C71 101E  B74B 49FC 0FD8 9BD8 37BA

Yet when I download that same pubkey.gpg and examine it I get different results for the id and fingerprint:

[root at us3-inf-lu-s01 rpm-gpg]# gpg --with-fingerprint RPM-GPG-KEY-spacewalk-2.9
pub  2048R/6E5454FA 2018-11-26 @spacewalkproject_spacewalk-2.9 (None) <@spacewalkproject#spacewalk-2.9 at copr.fedorahosted.org>
      Key fingerprint = E089 1A20 65C5 4DDD 4E12  B8CA AD32 9E0D 6E54 54FA

I have updated the channel with this ID and Fingerprint but that made no difference.  I'm very confused at this point.  The client does have a public key installed which matched the version I get from the gpg --with-fingerprint command.

On Mon, Feb 24, 2020 at 11:32 AM Stefan Bluhm <redhat.com at bluhm-de.com> wrote:
Hello Larry,

how did you provision the client? When provisioning, you do need to push the key to the client first. This is not necessarily done automatically.

Best wishes,

Stefan

________________________________
From: "Larry Clegg" <lclegg at kyriba.com>
To: "spacewalk-list" <spacewalk-list at redhat.com>
Sent: Monday, 24 February 2020 20:20:37
Subject: [Spacewalk-list] missing public key

Greetings Spacewalkers:

I have gone over and over my configuration and I'm just not finding the problem.

Server: Spacewalk 2.9 on Centos 6 - all fully patched
Client: Centos6
This issue is NOT happening on all clients...only a few.  When I try to do a "yum upgrade" I get this message about rhncfg:

warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID 9bd837ba: NOKEY
Public key for rhncfg-5.10.129-1.el6.noarch.rpm is not installed
--
It is trying to upgrade rhncfg from 5.10.122-1 to 5.10.129-1
No other package reports this issue.  Using the --nogpg on the yum command line gets around this issue but I'd like to understand and fix root cause.

Any hints are greatly appreciated.




Larry E. Clegg

Systems Administrator | Kyriba

[Address] 4435 Eastgate Mall, Suite 200, San Diego, CA 92121

www.kyriba.com | Facebook | Twitter | LinkedIn | Blog

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list
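
Added example, not part of the thread: a small shell check that takes the key ID from the NOKEY warning and looks for it among the installed gpg-pubkey packages, using the warning line and the two fingerprints quoted above. The function names are hypothetical and the installed-key list is a constructed stand-in for real `rpm -q gpg-pubkey` output.

```shell
#!/bin/sh
# Added example. rpm stores each imported key as a package named
# gpg-pubkey-<keyid>-<created>; <keyid> is the last 8 hex digits of the
# key fingerprint, lowercase, and is what a NOKEY warning prints.

# Print each key ID that rpm/yum output on stdin reports as NOKEY.
nokey_ids() {
    sed -n 's/.*key ID \([0-9A-Fa-f]\{8\}\): NOKEY.*/\1/p' |
        tr '[:upper:]' '[:lower:]' | sort -u
}

# Short key ID for a fingerprint as printed by gpg --with-fingerprint.
fpr_short_id() {
    printf '%s\n' "$1" | tr -d ' ' | tr '[:upper:]' '[:lower:]' |
        sed 's/.*\(.\{8\}\)$/\1/'
}

# Succeed if key ID $1 is in `rpm -q gpg-pubkey` output read from stdin.
key_installed() {
    grep -q "^gpg-pubkey-$1-"
}

# $1: yum/rpm output, $2: `rpm -q gpg-pubkey` output.
# Prints "<keyid> installed" or "<keyid> missing" per NOKEY key.
diagnose() {
    for id in $(printf '%s\n' "$1" | nokey_ids); do
        if printf '%s\n' "$2" | key_installed "$id"; then
            echo "$id installed"
        else
            echo "$id missing"
        fi
    done
}

# Warning line and fingerprints as quoted in the thread.
WARNING='warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID 9bd837ba: NOKEY'
CHANNEL_FPR='A353 22CF 3B3F 9C71 101E  B74B 49FC 0FD8 9BD8 37BA'
DOWNLOADED_FPR='E089 1A20 65C5 4DDD 4E12  B8CA AD32 9E0D 6E54 54FA'
# Constructed stand-in for `rpm -q gpg-pubkey` on an affected client
# (the release suffix is made up).
INSTALLED="gpg-pubkey-$(fpr_short_id "$DOWNLOADED_FPR")-00000000"

diagnose "$WARNING" "$INSTALLED"               # 9bd837ba missing
echo "channel key:    $(fpr_short_id "$CHANNEL_FPR")"
echo "downloaded key: $(fpr_short_id "$DOWNLOADED_FPR")"
```

On a real client, pass the captured yum output and the output of `rpm -q gpg-pubkey` to `diagnose` in place of the sample strings.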
