Feature #26278
GPG sign Foreman client RPM repository
Description
Package https://yum.theforeman.org/client/1.20/el7/x86_64/foreman-client-release-1.20.2-1.el7.noarch.rpm sets up a GPG public key, but it is not the key used to sign the packages found in that repository. After some trial and error, I found the correct key, D0B17F13, at https://github.com/theforeman/foreman-packaging/blob/rpm/1.20/packages/katello-3.9/katello-repos-3.9/RPM-GPG-KEY-katello-2015.
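The mismatch reported above can be checked by reading the issuer key ID out of a package's OpenPGP signature packet and comparing it with the key the release package installs. This is an added example, not part of the original issue or of the Foreman project's code. It assumes the raw signature packet has already been extracted from the package's signature header; the function names, sample bytes and key IDs are constructed for illustration.

```python
import struct

def _subpackets(area):
    """Yield (type, data) for each subpacket in a v4 signature subpacket area."""
    i = 0
    while i < len(area):
        n, i = area[i], i + 1
        if 192 <= n < 255:  # two-octet length
            n, i = ((n - 192) << 8) + area[i] + 192, i + 1
        elif n == 255:  # five-octet length
            n, i = struct.unpack(">I", area[i:i + 4])[0], i + 4
        if n == 0:
            raise ValueError("empty subpacket")
        yield area[i] & 0x7F, area[i + 1:i + n]  # mask off the "critical" bit
        i += n

def issuer_key_id(sig):
    """Return the 16-hex-digit issuer key ID of one OpenPGP signature packet."""
    hdr = sig[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new-format header: 1-, 2- or 5-octet length
        tag = hdr & 0x3F
        off = 2 if sig[1] < 192 else 3 if sig[1] < 224 else 6
    else:  # old-format header: length size is in the low two bits
        tag = (hdr >> 2) & 0x0F
        off = 1 + (1, 2, 4, 0)[hdr & 3]
    body = sig[off:]
    if tag != 2 or body[0] not in (3, 4):
        raise ValueError("not a v3/v4 signature packet")
    if body[0] == 3:  # v3: key ID sits at a fixed offset
        return body[7:15].hex()
    hlen = struct.unpack(">H", body[4:6])[0]
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    for area in (body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]):
        for kind, data in _subpackets(area):
            if kind == 16:  # issuer key ID subpacket
                return data.hex()
            if kind == 33 and data[0] == 4:  # issuer fingerprint of a v4 key
                return data[-8:].hex()
    raise ValueError("signature names no issuer")

def signed_by(sig, configured_key_id):
    """True if the signature's issuer matches a short or long key ID."""
    return issuer_key_id(sig).endswith(configured_key_id.lower())

# Constructed sample: v4 RSA/SHA-256 signature, made-up issuer, truncated MPI.
SAMPLE_SIG = bytes.fromhex(
    "89001d" "04000108" "00060502" "5c000000" "000a0910" "0123456789abcdef" "abcd0008ff")
```

A package whose signature returns `False` from `signed_by` for every key configured for the repository would fail `gpgcheck`, which is the situation the description reports.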
Related issues
Associated revisions
History
#1
Updated by Ewoud Kohl van Wijngaarden about 3 years ago
At this point we're not signing the client packages repository. The packages in that repository are signed by some key, which for those packages happens to be that key. There is, however, no guarantee, and we could include updated packages which might not be signed or might be signed with a different key.
#2
Updated by Ewoud Kohl van Wijngaarden about 3 years ago
- Related to Bug #26401: Remove Foreman GPG key from foreman-release-client added
#3
Updated by Ewoud Kohl van Wijngaarden almost 3 years ago
- Target version set to 1.23.0
- Subject changed from Incorrect GPG key for Foreman client RPM repository to GPG sign Foreman client RPM repository
- Tracker changed from Bug to Feature
#4
Updated by The Foreman Bot almost 3 years ago
- Assignee set to Ewoud Kohl van Wijngaarden
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman-packaging/pull/3862 added
#5
Updated by The Foreman Bot almost 3 years ago
- Pull request https://github.com/theforeman/foreman-packaging/pull/3863 added
#6
Updated by Ewoud Kohl van Wijngaarden almost 3 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman-packaging|0c9164e8eab5f3ea084654cece4eca98c3e761cb.
#7
Updated by Ewoud Kohl van Wijngaarden almost 3 years ago
- Fixed in Releases 1.22.1, 1.23.0 added
#8
Updated by The Foreman Bot almost 3 years ago
- Pull request https://github.com/theforeman/foreman-packaging/pull/3874 added
#9
Updated by The Foreman Bot almost 3 years ago
- Pull request https://github.com/theforeman/foreman-packaging/pull/3875 added
#10
Updated by Ewoud Kohl van Wijngaarden almost 3 years ago
- Fixed in Releases 1.21.4 added
#11
Updated by Tomer Brisker over 2 years ago
- Fixed in Releases 1.21.1 added
- Fixed in Releases deleted (1.21.4)
Fixes #26278 - GPG sign client repositories
This enforces that the client repo is GPG signed with the same key as
the main foreman repository.