Hi everybody, we are using Spacewalk 2.0 in our company and it is really amazing, thanks for your hard work.
Recently, I was thinking about ways to centrally manage GPG keys which sign RPM packages. I am aware of the posibility to import them during the kickstart of newly installed machines, which I do, but since I occasionally add new subchannels with new repositories and subscribe existing clients to them, I would be glad for a way to manage it centrally. Specifying and using GPG files specified on per-channel basis seems to me as the most convenient way (since Spacewalk allows you to specify GPG key in channel properties). I searched this mailing list and found a relevant post that says: "for spacewalk channel yum will automatically import only keys from file:///etc/pki/rpm-gpg for security r[a]esons". According to my test, it is true (if I run "yum install -y <package>", it works on client without corresponding GPG key IF the key is specified in channel properties and it is located in /etc/pki/rpm-gpg on client machine. However, this procedure fails with message: Client execution returned "Error while executing packages action: Refusing to automatically import keys when running unattended. [[6]]" (code -1) if I try to install the package from web interface (System -> select -> Software -> Packages -> Install). Is this the supposed behaviour? Am I missing something? S. -- Stanislav Židek Bezpečnostní konzultant/analytik Security Consultant/Analyst Technické oddělení on-line systémy Sekce - bezpečnost C.S.G. Software Group Limited organizační složka Kaštanová 64, 620 00 BRNO, CZ IČ:27741362 DIČ:CZ27741362 Office : KAJOT Technology Center Kaštanová 64, 620 00 BRNO, CZ tlf: +420 515 535 134 fax: +420 515 535 134 gsm: +420 724 951 702 e-mail : [email protected] www.kajot.com _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
