Actions
Bug #37580
closed
Package actions on SLES fail if they involve a repo whose GPG key is not yet present on the target system
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:
Description
One particularly annoying scenario is host registration with the new Register Host form, here one can choose to automatically install `katello-host-tools-tracer`, but the installation will fail because the third-party (ATIX) key is not known to zypper:
The following 2 NEW packages are going to be installed:
katello-host-tools katello-host-tools-tracer
The following 2 packages have no support information from their vendor:
katello-host-tools katello-host-tools-tracer
2 new packages to install.
Overall download size: 61.6 KiB. Already cached: 0 B. After the operation, additional 72.4 KiB will be used.
Continue? [y/n/v/...? shows all options] (y): y
Retrieving: katello-host-tools-4.2.3-5suse1500.noarch (SLES Client 15SP5) (1/2), 41.6 KiB
Retrieving: katello-host-tools-4.2.3-5suse1500.noarch.rpm .......................................................................................................................................................[done (41.6 KiB/s)]
katello-host-tools-4.2.3-5suse1500.noarch.rpm:
Header V4 RSA/SHA512 Signature, key ID 5bd96651df50fffb: NOKEY
V4 RSA/SHA512 Signature, key ID 5bd96651df50fffb: NOKEY
warning: /var/tmp/AP_0xh8YNe3/Packages/k/katello-host-tools-4.2.3-5suse1500.noarch.rpm: Header V4 RSA/SHA512 Signature, key ID df50fffb: NOKEY
Looking for gpg key ID DF50FFFB in cache /var/cache/zypp/pubkeys.
Looking for gpg key ID DF50FFFB in repository SLES Client 15SP5.
gpgkey=https://or.supp206.mk/katello/api/v2/repositories/174/gpg_key_content?ssl_verify=host
Retrieving: gpg_key_content ......................................................................................................................................................................................[done (1.6 KiB/s)]
New repository or package signing key received:
Repository: SLES Client 15SP5
Key Fingerprint: CA56 F29E 0006 0B63 D089 0D0F 5BD9 6651 DF50 FFFB
Key Name: ATIX AG <info@atix.de>
Key Algorithm: RSA 4096
Key Created: Wed Aug 24 14:33:33 2022
Key Expires: (does not expire)
Rpm Name: gpg-pubkey-df50fffb-63061a9d
Note: Signing data enables the recipient to verify that no modifications occurred after the data
were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
and in extreme cases even to a system compromise.
Note: A GPG pubkey is clearly identified by its fingerprint. Do not rely on the key's name. If
you are not sure whether the presented key is authentic, ask the repository provider or check
their web site. Many providers maintain a web page showing the fingerprints of the GPG keys they
are using.
Do you want to reject the key, or trust always? [r/a/?] (r): r
katello-host-tools-4.2.3-5suse1500.noarch (SLES Client 15SP5): Signature verification failed [4-Signatures public key is not available]
Abort, retry, ignore? [a/r/i] (a): a
Problem occurred during or after installation or removal of packages:
Installation has been aborted as directed.
Proposed solution: automatically import GPG keys in the Package Action template
Updated by The Foreman Bot 5 months ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman_remote_execution/pull/906 added
Updated by The Foreman Bot about 2 months ago
- Fixed in Releases foreman_remote_execution-13.2.5 added
Updated by Anonymous about 2 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman_plugin|27b9b6ffc85b2db05d9dbbd075f52a281a709bd5.
Updated by Adam Ruzicka 21 days ago
- Fixed in Releases foreman_remote_execution-14.0.2 added
Actions