Project

General

Profile

Actions
Copy link

Bug #37580

open

Package actions on SLES fail if they involve a repo whose GPG key is not yet present on the target system

Added by Marcel Kühlhorn about 2 months ago. Updated about 2 months ago.

Status:
Ready For Testing
Priority:
Normal
Assignee:
Marcel Kühlhorn
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman_remote_execution/pull/906
Fixed in Releases:
Found in Releases:
foreman_remote_execution-12.0.5
Red Hat JIRA:

Description

One particularly annoying scenario is host registration with the new Register Host form, here one can choose to automatically install `katello-host-tools-tracer`, but the installation will fail because the third-party (ATIX) key is not known to zypper:

The following 2 NEW packages are going to be installed:
  katello-host-tools katello-host-tools-tracer

The following 2 packages have no support information from their vendor:
  katello-host-tools katello-host-tools-tracer

2 new packages to install.
Overall download size: 61.6 KiB. Already cached: 0 B. After the operation, additional 72.4 KiB will be used.
Continue? [y/n/v/...? shows all options] (y): y
Retrieving: katello-host-tools-4.2.3-5suse1500.noarch (SLES Client 15SP5)                                                                                                                                       (1/2),  41.6 KiB
Retrieving: katello-host-tools-4.2.3-5suse1500.noarch.rpm .......................................................................................................................................................[done (41.6 KiB/s)]
katello-host-tools-4.2.3-5suse1500.noarch.rpm:
    Header V4 RSA/SHA512 Signature, key ID 5bd96651df50fffb: NOKEY
    V4 RSA/SHA512 Signature, key ID 5bd96651df50fffb: NOKEY

warning: /var/tmp/AP_0xh8YNe3/Packages/k/katello-host-tools-4.2.3-5suse1500.noarch.rpm: Header V4 RSA/SHA512 Signature, key ID df50fffb: NOKEY
Looking for gpg key ID DF50FFFB in cache /var/cache/zypp/pubkeys.
Looking for gpg key ID DF50FFFB in repository SLES Client 15SP5.
  gpgkey=https://or.supp206.mk/katello/api/v2/repositories/174/gpg_key_content?ssl_verify=host
Retrieving: gpg_key_content ......................................................................................................................................................................................[done (1.6 KiB/s)]

New repository or package signing key received:

  Repository:       SLES Client 15SP5
  Key Fingerprint:  CA56 F29E 0006 0B63 D089 0D0F 5BD9 6651 DF50 FFFB
  Key Name:         ATIX AG <info@atix.de>
  Key Algorithm:    RSA 4096
  Key Created:      Wed Aug 24 14:33:33 2022
  Key Expires:      (does not expire)
  Rpm Name:         gpg-pubkey-df50fffb-63061a9d

    Note: Signing data enables the recipient to verify that no modifications occurred after the data
    were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
    and in extreme cases even to a system compromise.

    Note: A GPG pubkey is clearly identified by its fingerprint. Do not rely on the key's name. If
    you are not sure whether the presented key is authentic, ask the repository provider or check
    their web site. Many providers maintain a web page showing the fingerprints of the GPG keys they
    are using.

Do you want to reject the key, or trust always? [r/a/?] (r): r
katello-host-tools-4.2.3-5suse1500.noarch (SLES Client 15SP5): Signature verification failed [4-Signatures public key is not available]
Abort, retry, ignore? [a/r/i] (a): a
Problem occurred during or after installation or removal of packages:
Installation has been aborted as directed.

Proposed solution: automatically import GPG keys in the Package Action template

Actions
Copy link
 #1

Updated by The Foreman Bot about 2 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman_remote_execution/pull/906 added
Actions
Copy link

Also available in: Atom PDF