are the any plans to extend the spacewalk-repo-sync functionality with
resigning incoming packages with supplied own GPG Key ?
on the other hand, does no one use own Keys for all files in spacewalk ?
Regards
Frank
On 11/14/2013 01:55 PM, Milan Zázrivec wrote:
On Thursday 14 November 2013 10:59:39 Frank Paulick wrote:
this works for 1 or 2 packages.
i would like to resign all packages already imported in my spacewalk
server (~30000 Packages)
at best without resyncing them from the external repositories
as far as i know there is also no way to resign packages imported by
using "spacewalk-repo-sync"
to summarize, how can i resign all packages for a local spacewalk server
with my own key ?
Re-sign all rpms on your /var/satellite and somehow make Spacewalk
automatically pick up (i.e. recompute checksums, re-generate repodata)
the newly signed content? I'm afraid that's not possible.
By re-signing the package, you effectively changed it (its checksum and
signature anyway). At this point, your Spacewalk won't do anything. And yes,
yum on the client side will report checksum mismatches, b/c that's what
happened, right? You wouldn't want someone to alter the package content
and expect your Spacewalk to act like it's okay, would you?
So if you trust the new (re-signed) rpms, you need to re-push / re-sync them
to your Spacewalk channels. This needs to be a deliberate action, same way
re-signing the rpms was a deliberate action.
This of course can be automated with API & rhnpush: you will simply have
a list of packages that you need to re-push, delete the old one (using API)
and re-push it into its channel(s) using rhnpush.
-MZ
On 11/14/2013 10:51 AM, Milan Zázrivec wrote:
On Thursday 14 November 2013 10:48:26 Frank Paulick wrote:
Hi,
is there a way/procedure to resign already in spacewalk imported rpm
packages with a new key?
when doing a "rpm --resign" on an rpm package laying in /var/satellite ,
the client can't download the package afterwards anymore.
it quits with the message
error was [Errno -1] Package does not match intended download
the suggested "yum clean metadata" did not help
as far as i can see because of the resign the rpm package has changed
and spacewalk doesn't yet know about it.
if i'm right with this, how can i get spacewalk to update it's
information on the package ?
Delete it & re-push the package again.
-MZ
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
--
beste Grüße,
Frank Paulick
Baader Bank AG
Weihenstephaner Str. 4
85716 Unterschleißheim
Deutschland
Telefon: +49-89/5150-1522
Telefax: +49-89/5150-2421
Email: [email protected]
Internet: http://www.baaderbank.de
http://www.bondboard.de
******************************************************************************************************
Baader Bank AG: Vorstand: Uto Baader (Vors.), Nico Baader, Dieter Brichmann,
Dieter Silmen; Vorsitzender des Aufsichtsrates: Dr. Horst Schiessl; Amtsgericht
München HRB 121537; Sitz der Gesellschaft: Unterschleissheim; StNr.
143/100/10066; USt-IdNr. DE114123893.
******************************************************************************************************
Diese Email enthält vertrauliche Informationen. Sollten Sie diese Email
irrtümlich erhalten, machen wir Sie darauf aufmerksam, dass jegliche Verwendung
strikt untersagt ist. Bitte informieren Sie uns gegebenenfalls unverzüglich und
vernichten Sie das Original. Das unerlaubte Kopieren sowie die unbefugte
Weitergabe dieser Email ist nicht gestattet.
Wir haben alle verkehrsüblichen Maßnahmen unternommen, um das Risiko der
Verbreitung virenbefallener Software oder Emails zu minimieren, dennoch raten
wir Ihnen, Ihre eigenen Virenkontrollen auf alle Anhänge an dieser Nachricht
durchzuführen. Wir schließen außer für den Fall von Vorsatz die Haftung für
jeglichen Verlust oder Schäden durch virenbefallene Software oder Emails aus.
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
