Plugins » Katello

if i remember correctly this is due partially to an issue with subscription-manager.

It sees the local value of gpgcheck=1 and thinks its a local modification and so it does not override it, deleting the redhat.repo file and re-running yum update or install seems to correct it.

I am still experiencing this. I have republished a new content version without the repo, refreshed the redhat.repo to confirm it removed the repo, deleted the repo, then added it again to the product, published a new version, and gpgcheck = 1 instead of 0.

katello-agent-3.0.0.3.el7
katello-3.4.4.-2.el7
katello-repos-3.4.0-3.el7
foreman-1.15.3-1.el7

I have noticed the same, even if I delete the redhat.repo it is recreated with gpgcheck=1 (no key is attached to the product or the repo)

p-infra-katello.ks.net 10:47:19 ~ # rpm -q foreman katello
foreman-1.15.4-1.el7.noarch
katello-3.4.5-1.el7.noarch
p-infra-katello.ks.net 10:48:31 ~ # hammer repository info --product Foreman --name Foreman-1_15-plugins
ID:                 105
Name:               Foreman-1_15-plugins
Label:              Foreman-1_15-plugins
Red Hat Repository: no
Content Type:       yum
Checksum Type:      sha256
Mirror on Sync:     yes
URL:                http://yum.theforeman.org/plugins/1.15/el7/x86_64/
Publish Via HTTP:   yes
Published At:       http://p-infra-katello.ks.net/pulp/repos/KS/Library/custom/Foreman/Foreman-1_15-plugins/
Relative Path:      KS/Library/custom/Foreman/Foreman-1_15-plugins
Download Policy:    immediate
Product:            
    ID:   69
    Name: Foreman
GPG Key:            

Sync:               
    Status:
Created:            2017/07/27 14:57:05
Updated:            2017/09/16 13:36:42
Content Counts:     
    Packages:       355
    Package Groups: 0
    Errata:         0

p-infra-katello.ks.net 10:48:38 ~ # rm /etc/yum.repos.d/redhat.repo 
rm: remove regular file '/etc/yum.repos.d/redhat.repo'? y
p-infra-katello.ks.net 10:48:46 ~ # subscription-manager refresh
11 local certificates have been deleted.
All local data refreshed
p-infra-katello.ks.net 10:48:54 ~ # grep -A10 Foreman_Foreman-1_15-plugins /etc/yum.repos.d/redhat.repo 
[KS_Foreman_Foreman-1_15-plugins]
metadata_expire = 1
sslclientcert = /etc/pki/entitlement/411958510145065593696.pem
baseurl = https://p-infra-katello.ks.net/pulp/repos/KS/Library/custom/Foreman/Foreman-1_15-plugins
sslverify = 1
name = Foreman-1_15-plugins
sslclientkey = /etc/pki/entitlement/411958510106155593696-key.pem
gpgkey = https://p-infra-katello.ks.net/katello/api/repositories/105/gpg_key_content
enabled = 1
sslcacert = /etc/rhsm/ca/katello-server-ca.pem
gpgcheck = 1

There is still the same issue in katello 3.11 version (foreman 1.21.1). It configure gpgcheck = 1 even if I disable gpg check and why don't you sign rpm packages for client from : https://yum.theforeman.org/client/1.21/el7/$basearch ?

for example:

1. yum install katello-host-tools
   ....
   ...
   Package katello-host-tools-3.4.2-1.el7.noarch.rpm is not signed

1. cat /etc/yum.repos.d/redhat.repo

[snt_foreman_client_rhel_7_foreman_client_rhel_7]
metadata_expire = 1
sslclientcert = /etc/pki/entitlement/7543051306001336526.pem
baseurl = https://foreman.test.local/pulp/repos/snt/test/rhel7-servers/custom/foreman_client_rhel_7/foreman_client_rhel_7
sslverify = 1
name = foreman_client_rhel 7
sslclientkey = /etc/pki/entitlement/7543051306001336526-key.pem
gpgkey = https://foreman.test.local/katello/api/v2/repositories/13/gpg_key_content
enabled = 1
sslcacert = /etc/rhsm/ca/katello-server-ca.pem
gpgcheck = 1 -----> I disable gpg check!!