Actions
Bug #37580
closedPackage actions on SLES fail if they involve a repo whose GPG key is not yet present on the target system
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:
Description
One particularly annoying scenario is host registration with the new Register Host form, here one can choose to automatically install `katello-host-tools-tracer`, but the installation will fail because the third-party (ATIX) key is not known to zypper:
The following 2 NEW packages are going to be installed: katello-host-tools katello-host-tools-tracer The following 2 packages have no support information from their vendor: katello-host-tools katello-host-tools-tracer 2 new packages to install. Overall download size: 61.6 KiB. Already cached: 0 B. After the operation, additional 72.4 KiB will be used. Continue? [y/n/v/...? shows all options] (y): y Retrieving: katello-host-tools-4.2.3-5suse1500.noarch (SLES Client 15SP5) (1/2), 41.6 KiB Retrieving: katello-host-tools-4.2.3-5suse1500.noarch.rpm .......................................................................................................................................................[done (41.6 KiB/s)] katello-host-tools-4.2.3-5suse1500.noarch.rpm: Header V4 RSA/SHA512 Signature, key ID 5bd96651df50fffb: NOKEY V4 RSA/SHA512 Signature, key ID 5bd96651df50fffb: NOKEY warning: /var/tmp/AP_0xh8YNe3/Packages/k/katello-host-tools-4.2.3-5suse1500.noarch.rpm: Header V4 RSA/SHA512 Signature, key ID df50fffb: NOKEY Looking for gpg key ID DF50FFFB in cache /var/cache/zypp/pubkeys. Looking for gpg key ID DF50FFFB in repository SLES Client 15SP5. gpgkey=https://or.supp206.mk/katello/api/v2/repositories/174/gpg_key_content?ssl_verify=host Retrieving: gpg_key_content ......................................................................................................................................................................................[done (1.6 KiB/s)] New repository or package signing key received: Repository: SLES Client 15SP5 Key Fingerprint: CA56 F29E 0006 0B63 D089 0D0F 5BD9 6651 DF50 FFFB Key Name: ATIX AG <info@atix.de> Key Algorithm: RSA 4096 Key Created: Wed Aug 24 14:33:33 2022 Key Expires: (does not expire) Rpm Name: gpg-pubkey-df50fffb-63061a9d Note: Signing data enables the recipient to verify that no modifications occurred after the data were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system and in extreme cases even to a system compromise. Note: A GPG pubkey is clearly identified by its fingerprint. Do not rely on the key's name. If you are not sure whether the presented key is authentic, ask the repository provider or check their web site. Many providers maintain a web page showing the fingerprints of the GPG keys they are using. Do you want to reject the key, or trust always? [r/a/?] (r): r katello-host-tools-4.2.3-5suse1500.noarch (SLES Client 15SP5): Signature verification failed [4-Signatures public key is not available] Abort, retry, ignore? [a/r/i] (a): a Problem occurred during or after installation or removal of packages: Installation has been aborted as directed.
Proposed solution: automatically import GPG keys in the Package Action template
Updated by The Foreman Bot 6 months ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman_remote_execution/pull/906 added
Updated by The Foreman Bot 3 months ago
- Fixed in Releases foreman_remote_execution-13.2.5 added
Updated by Anonymous 3 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman_plugin|27b9b6ffc85b2db05d9dbbd075f52a281a709bd5.
Updated by Adam Ruzicka 2 months ago
- Fixed in Releases foreman_remote_execution-14.0.2 added
Actions