[Spacewalk-list] GPG keys for CentOS channels in Spacewalk
Wenkai Chen
wenkai_chen at ensigninfosecurity.com
Wed Mar 4 08:50:03 UTC 2020
HI Stefan,
Thanks.
So this means that in order to do GPG check for the clients, I would need to place the same GPG key on all registered clients on this channel at the same location? (file:///etc/pki/rpm-gpg/)
How does Spacewalk verify its integrity when it syncs its repositories for each channel? How does it ensure that the repo it syncs with have not been compromised?
[A close up of a sign Description generated with very high confidence]
Chen Wenkai
Infrastructure Security Engineer
[A picture containing building Description generated with high confidence] <https://www.linkedin.com/company/ensign-infosecurity/> [A picture containing tableware Description generated with high confidence] <https://youtu.be/9J7FkhXpb-4> [A close up of a sign Description generated with high confidence] <https://www.facebook.com/EnsignGlobal>
E: wenkai_chen at ensigninfosecurity.com
A: 30A Kallang Place, Level 9 Right Wing, Singapore 339213
From: spacewalk-list-bounces at redhat.com <spacewalk-list-bounces at redhat.com> On Behalf Of Stefan Bluhm
Sent: Wednesday, 4 March 2020 2:43 PM
To: spacewalk-list <spacewalk-list at redhat.com>
Subject: Re: [Spacewalk-list] GPG keys for CentOS channels in Spacewalk
EXTERNAL: Caution this email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello Chen,
the field GPG key on the channel setup is information for the package installer on the CLIENT.
It tells the package installer on the client where to find the GPG key for these packages. You have to enter it from the client point of view (in the same format the client would use it). So no URL. It must be a client local file location.
Best wishes,
Stefan
________________________________
Von: "Wenkai Chen" <wenkai_chen at ensigninfosecurity.com<mailto:wenkai_chen at ensigninfosecurity.com>>
An: "spacewalk-list" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
Gesendet: Mittwoch, 4. März 2020 04:19:56
Betreff: [Spacewalk-list] GPG keys for CentOS channels in Spacewalk
HI Spacewalk users,
Sorry just would like to confirm.
When we enter GPG key into a channel on Spacewalk, does it mean that whenever we do a repo-sync, it does a gpg-check on all the packages downloaded and synced?
If there is no GPG key entered for a channel in Spacewalk, will there be a gpg-check?
If clients are registered to this channel on Spacewalk, will there be a gpg-check?
Thank you.
[A close up of a sign Description generated with very high confidence]
Chen Wenkai
Infrastructure Security Engineer
[A picture containing building Description generated with high confidence] <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fensign-infosecurity%2F&data=02%7C01%7Cwenkai_chen%40ensigninfosecurity.com%7Cbec92e4d7f924ce0609a08d7c0077ac5%7Cd5cb08f4d38848b2bc028ecce3c63fce%7C1%7C0%7C637189010679631245&sdata=gwUYQPIcYMJ0jgab4J585p5TEBny9%2BwdY2eJeD4N3iY%3D&reserved=0> [A picture containing tableware Description generated with high confidence] <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fyoutu.be%2F9J7FkhXpb-4&data=02%7C01%7Cwenkai_chen%40ensigninfosecurity.com%7Cbec92e4d7f924ce0609a08d7c0077ac5%7Cd5cb08f4d38848b2bc028ecce3c63fce%7C1%7C0%7C637189010679641236&sdata=Z%2BRMDHv5ifakyKT2oJoatuw4btwFNg4GEvAJ%2BzBmA%2B8%3D&reserved=0> [A close up of a sign Description generated with high confidence] <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FEnsignGlobal&data=02%7C01%7Cwenkai_chen%40ensigninfosecurity.com%7Cbec92e4d7f924ce0609a08d7c0077ac5%7Cd5cb08f4d38848b2bc028ecce3c63fce%7C1%7C0%7C637189010679641236&sdata=ldesps5s%2F2ASMZBP5Esel2ZUuziRX%2FQm4iCYoST2tjk%3D&reserved=0>
E: wenkai_chen at ensigninfosecurity.com<mailto:wenkai_chen at ensigninfosecurity.com>
A: 30A Kallang Place, Level 9 Right Wing, Singapore 339213
________________________________
CONFIDENTIALITY NOTICE: “This email is confidential and may also be privileged. If this email has been sent to you in error, please delete it immediately and notify us. Please do not copy, distribute or disseminate part or whole of this email if you are not the intended recipient or if you have not been authorized to do so. We reserve the right, to the extent and under circumstances permitted by applicable laws, to monitor, retain, intercept and block email messages to and from our systems. Thank you.”
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20200304/96e0cdc4/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 4746 bytes
Desc: image001.png
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20200304/96e0cdc4/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 631 bytes
Desc: image002.png
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20200304/96e0cdc4/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1032 bytes
Desc: image003.png
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20200304/96e0cdc4/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 552 bytes
Desc: image004.png
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20200304/96e0cdc4/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image013.png
Type: image/png
Size: 6933 bytes
Desc: image013.png
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20200304/96e0cdc4/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image014.png
Type: image/png
Size: 733 bytes
Desc: image014.png
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20200304/96e0cdc4/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image015.png
Type: image/png
Size: 1169 bytes
Desc: image015.png
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20200304/96e0cdc4/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image016.png
Type: image/png
Size: 709 bytes
Desc: image016.png
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20200304/96e0cdc4/attachment-0007.png>
More information about the Spacewalk-list
mailing list