GPG sign Foreman client RPM repository
Package https://yum.theforeman.org/client/1.20/el7/x86_64/foreman-client-release-1.20.2-1.el7.noarch.rpm sets up a GPG public key, but it is not the key used to sign the packages found in that repository. After some trial and error, I found the correct key, D0B17F13, at https://github.com/theforeman/foreman-packaging/blob/rpm/1.20/packages/katello-3.9/katello-repos-3.9/RPM-GPG-KEY-katello-2015.
#1 Updated by Ewoud Kohl van Wijngaarden 11 months ago
At this point we're not signing the client packages repository. The packages in that repository are signed by some key, which for those packages happens to be that key. There is however no guarantee and we could include updates packages which might not be signed or signed with a different key.
#6 Updated by Ewoud Kohl van Wijngaarden 7 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman-packaging|0c9164e8eab5f3ea084654cece4eca98c3e761cb.