Project

General

Profile

Feature #26278

GPG sign Foreman client RPM repository

Added by Peter Oliver 7 months ago. Updated 3 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Ewoud Kohl van Wijngaarden
Category:
RPMs
Target version:
Foreman - 1.23.0
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman-packaging/pull/3863, https://github.com/theforeman/foreman-packaging/pull/3862, https://github.com/theforeman/foreman-packaging/pull/3875, https://github.com/theforeman/foreman-packaging/pull/3874
Fixed in Releases:
Foreman - 1.21.1, Foreman - 1.22.1, Foreman - 1.23.0
Found in Releases:
Foreman - 1.20.0

Description

Package https://yum.theforeman.org/client/1.20/el7/x86_64/foreman-client-release-1.20.2-1.el7.noarch.rpm sets up a GPG public key, but it is not the key used to sign the packages found in that repository. After some trial and error, I found the correct key, D0B17F13, at https://github.com/theforeman/foreman-packaging/blob/rpm/1.20/packages/katello-3.9/katello-repos-3.9/RPM-GPG-KEY-katello-2015.

Related issues

Related to Packaging - Bug #26401: Remove Foreman GPG key from foreman-release-clientClosed

Associated revisions

Revision 0c9164e8 (diff)
Added by Ewoud Kohl van Wijngaarden 3 months ago

Fixes #26278 - GPG sign client repositories

This enforces that the client repo is GPG signed with the same key as
the main foreman repository.

History

#1 Updated by Ewoud Kohl van Wijngaarden 7 months ago

At this point we're not signing the client packages repository. The packages in that repository are signed by some key, which for those packages happens to be that key. There is however no guarantee and we could include updates packages which might not be signed or signed with a different key.

#2 Updated by Ewoud Kohl van Wijngaarden 6 months ago

  • Related to Bug #26401: Remove Foreman GPG key from foreman-release-client added

#3 Updated by Ewoud Kohl van Wijngaarden 3 months ago

  • Target version set to 1.23.0
  • Subject changed from Incorrect GPG key for Foreman client RPM repository to GPG sign Foreman client RPM repository
  • Tracker changed from Bug to Feature

#4 Updated by The Foreman Bot 3 months ago

  • Assignee set to Ewoud Kohl van Wijngaarden
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-packaging/pull/3862 added

#5 Updated by The Foreman Bot 3 months ago

  • Pull request https://github.com/theforeman/foreman-packaging/pull/3863 added

#6 Updated by Ewoud Kohl van Wijngaarden 3 months ago

  • Status changed from Ready For Testing to Closed

#7 Updated by Ewoud Kohl van Wijngaarden 3 months ago

  • Fixed in Releases 1.22.1, 1.23.0 added

#8 Updated by The Foreman Bot 3 months ago

  • Pull request https://github.com/theforeman/foreman-packaging/pull/3874 added

#9 Updated by The Foreman Bot 3 months ago

  • Pull request https://github.com/theforeman/foreman-packaging/pull/3875 added

#10 Updated by Ewoud Kohl van Wijngaarden 3 months ago

  • Fixed in Releases 1.21.4 added

#11 Updated by Tomer Brisker 3 days ago

  • Fixed in Releases 1.21.1 added
  • Fixed in Releases deleted (1.21.4)

Also available in: Atom PDF