I knew that GPG defs associated with a Kickstart profile are available during the kickstart process, but I was asking about the ones associated with a *software channel*. If you go look at a channel definition, not a kickstart profile. Go review a software channel definition and you'll see where you can define a channel-specific GPG Key URL, ID, and Fingerprint. That's what I'm really asking about. When/Where are THOSE used? Is it possibly that if a client is registitered with a channel it's automatically gets that GPG key? (That would really be cool.)
As for why are GPG keys not associated with a repository definition, I was referring to those repos defined with a software channel, see 'Channels > Manage Software Channels > *some channel* > Repositories. To me, it would make a hell of a lot more sense to have each of those repo records have GPG information and then when you relate a repo to a channel, that channel automatically have access/knowledge of the GPG for all related repos. So I'm just confused why Spacewalk is designed the way it is, as I don't see why each channel has a single GPG definition as part of the core channel information, but the ability to relate to multiple repos, of which I think it would be safe to assume under normal circumstances, each would need a different GPG key. Thx Gopher. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Fran Garcia Sent: Wednesday, November 28, 2012 1:53 PM To: [email protected] Subject: Re: [Spacewalk-list] Channel GPG information On Wed, Nov 28, 2012 at 1:42 PM, Snyder, Chris wrote: > A Channel definition has a 'Security: GPG' section which contains the GPG > Key URL, ID, and Fingerprint. > > When/where does this information get used within Spacewalk? Does Spacewalk > automatically make this key available to any client system that registers > with this channel? It's used in the Kickstart post-installation phase. Once the system is installed, it's fed all the GPG/SSL certificates that you've attached to your kickstart. This enables complaint-less installation of non-RH RPMs (ie: home-made or vendor provided). > Oh, and why are GPG keys NOT associated with a repository definition? This > would make the most sense to me versus having them related to a channel or > kickstart profile. If I understand correctly, you might or might not have (external) repositories. Repos are only used to fetch external content (ie: EPEL), and pushed into a local channel. Your standard way of provisioning software will be create a channel and rhnpush your RPMs into it, not fetch from an external source. But I might be wrong, so any corrections will be appreciated :-) _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
