Foreman » Packaging

This package comes from foreman-plugins repo. After disabling gpgcheck in yum configuration, it installed.

Hart,

I think this issue might be fixed by the following pull request: https://github.com/theforeman/foreman-packaging/pull/2819. Will you try running the installer again?

This time it fails on

Package tfm-rubygem-foreman_ansible_core-2.1.0-1.fm1_19.el7.noarch.rpm is not signed

I think this is a list of unsigned packages, it comes from changes applied by yum update, so maybe some other are not signed too

[root@foreman01 ~]# while read line; do rpm --checksig $line; done < <(find /var/cache/ -name "*rpm")  | grep -v pgp
/var/cache/yum/x86_64/7/foreman-plugins/packages/rubygem-smart_proxy_ansible-2.0.3-1.fm1_19.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/foreman-plugins/packages/tfm-rubygem-bastion-6.1.11-1.fm1_19.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/foreman-plugins/packages/tfm-rubygem-foreman-tasks-0.13.3-1.fm1_19.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/foreman-plugins/packages/tfm-rubygem-foreman_ansible_core-2.1.0-1.fm1_19.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/foreman-plugins/packages/tfm-rubygem-foreman_discovery-12.0.2-1.fm1_19.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/foreman-plugins/packages/tfm-rubygem-foreman_remote_execution-1.5.4-1.fm1_19.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/foreman-plugins/packages/tfm-rubygem-foreman_remote_execution_core-1.1.3-1.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/foreman-plugins/packages/tfm-rubygem-foreman_templates-6.0.3-1.fm1_19.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/foreman-plugins/packages/tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.0-1.fm1_19.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/katello/packages/foreman-installer-katello-3.8.0-0.1.rc1.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/katello/packages/katello-3.8.0-4.rc1.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/katello/packages/katello-common-3.8.0-4.rc1.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/katello/packages/katello-debug-3.8.0-4.rc1.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/katello/packages/katello-installer-base-3.8.0-0.1.rc1.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/katello/packages/katello-service-3.8.0-4.rc1.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/katello/packages/tfm-rubygem-hammer_cli_katello-0.14.0-1.201807171333git54e9f0b.el7.noarch.rpm: sha1 md5 OK
/var/cache/yum/x86_64/7/katello/packages/tfm-rubygem-katello-3.8.0-0.1.rc1.el7.noarch.rpm: sha1 md5 OK

Plugins are unsigned by design and we're not going to sign those. I do think the Katello packages are supposed to be signed. At least in Foreman we already sign the RCs so we can test that process.

Should the plugin repository configuration file have gpg check disabled by default ?

[foreman-plugins]
name=Foreman plugins 1.19
baseurl=https://yum.theforeman.org/plugins/1.19/el7/$basearch
enabled=1
gpgcheck=1

kattelo and katello-candlepin have gpgcheck disabled, yum update didn't complain about these packages.

Hart Mel wrote:

Should the plugin repository configuration file have gpg check disabled by default ?
[...]

Yes, it won't properly be fixed until RC2 out - but there is the workaround as you've discovered. Ewoud created the fix¹ but it's not released yet (that'll be RC2).

[1] https://github.com/theforeman/foreman-packaging/pull/2819