Hi Stanislav, > Is this the supposed behaviour? Am I missing something?
Yes, spacewalk/Yum will refuse to install packages or import the key without manual intervention (yum -y install xxxx or accepting the keys in yum) I ran into the same issue previously. I added GPG keys to kickstart for new nodes, and then use Puppet to push out and install new/updated keys to existing nodes. If you have the keys on an accessible web-server inside your environment, you could use Ansible to fetch and install the key(s) on one-or-many nodes as well. - Charles On Feb 26, 2014, at 4:49 AM, Stanislav Zidek <[email protected]> wrote: > Hi everybody, > > we are using Spacewalk 2.0 in our company and it is really amazing, > thanks for your hard work. > > Recently, I was thinking about ways to centrally manage GPG keys which > sign RPM packages. I am aware of the posibility to import them during > the kickstart of newly installed machines, which I do, but since I > occasionally add new subchannels with new repositories and subscribe > existing clients to them, I would be glad for a way to manage it centrally. > > Specifying and using GPG files specified on per-channel basis seems to > me as the most convenient way (since Spacewalk allows you to specify GPG > key in channel properties). I searched this mailing list and found a > relevant post that says: "for spacewalk channel yum will automatically > import only keys from file:///etc/pki/rpm-gpg for security r[a]esons". > According to my test, it is true (if I run "yum install -y <package>", > it works on client without corresponding GPG key IF the key is specified > in channel properties and it is located in /etc/pki/rpm-gpg on client > machine. > > However, this procedure fails with message: > > Client execution returned "Error while executing packages action: > Refusing to automatically import keys when running unattended. [[6]]" > (code -1) > > if I try to install the package from web interface (System -> select -> > Software -> Packages -> Install). > > Is this the supposed behaviour? Am I missing something? > > S. > > -- > Stanislav Židek > Bezpečnostní konzultant/analytik > Security Consultant/Analyst > > Technické oddělení on-line systémy > Sekce - bezpečnost > C.S.G. Software Group Limited > organizační složka > Kaštanová 64, 620 00 BRNO, CZ > IČ:27741362 DIČ:CZ27741362 > > Office : KAJOT Technology Center > Kaštanová 64, 620 00 BRNO, CZ > tlf: +420 515 535 134 fax: +420 515 535 134 > gsm: +420 724 951 702 > > e-mail : [email protected] > www.kajot.com > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
