Discussion:
[Spacewalk-list] spacewalk client not seeing signed rpms, or Public key not installed error
Janet Houser
2011-04-11 10:28:25 UTC
Permalink
Hi,

I'm a newbie and just installed spacewalk on my centos 5.5 server. I
chose to install the software with the postgres,
rather than oracle, database.

I've followed the install instructions on this link:

http://wiki.centos.org/HowTos/PackageManagement/Spacewalk

deviating only slightly to make changes for postgres instead of oracle.
Instructions were taken from the
following pages:

https://fedorahosted.org/spacewalk/wiki/HowToInstall12
https://fedorahosted.org/spacewalk/wiki/PostgreSQLServerSetup
https://fedorahosted.org/spacewalk/wiki/HowToInstall11
https://fedorahosted.org/spacewalk/wiki/PostgreSQL

Per the instructions I installed and synced the CentOS5 base, update and
spacewalk client channels. I also
setup a client machine and was able to yum install a package from the
CentOS Base repository on my spacewalk
server.

I need to keep separate yum repositories for a few systems who require
specialized rpm installations. Following
the links above, I tried to create a personal yum repository channel and
"sign" the files with my own generated
gpg key (I also imported this key on my client machine).

However, when I try to do a "yum install xxdiff" (and example of an
extra rpm found outside the base repository)
I get the error: Public key for xxdiff-3.2-12.0.cf.rhel5.i386.rpm is
not installed. I tried to import another rpm
without doing a "gpg --resign" on it prior to installation and recieved
the error "Package nxclient-3.4.0-7.i386.rpm is not signed".

I tried resigning the xxdiff rpm and got the error: "warning:
xxdiff-3.2-12.0.cf.rhel5.i386.rpm: was already signed by key ID
da5485bc, skipping"
so I know the rpm is signed, and it looks like it is by the correct gpg
key that I created using the command "gpg --gen-key". The key
was exported and then rpm --import -ed to my server. It shows up in
the gpg --list-keys command.

It seems as though the issue is on the client side, but I can't be
sure. When I try to do a "yum install xxdiff", along with the public key
error, I also get the error:

warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID
b56a8bac

For some reason, it is seeing a different key for the package.
Instead of a yum install, I tried to schedule an install from the
spacewalk server to the client. A push instead of a pull process.
The install failed. A "rhn_check -vvvvvv" on the client showed the
following error:
-------
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID b56a8bac
D: May free Score board((nil))
D: Sending back response ((6,), 'Error while executing packages action:
Public key for xxdiff-3.2-12.0.cf.rhel5.i386.rpm is not installed', {})
XMLRPC ProtocolError: <ProtocolError for mymachine /XMLRPC: 500 Internal
Server Error>
-------

I know I'm doing some basic newbie error, but I'm not sure what it is.
BTW, the command "rpm -q gpg-pubkey" on both
the client and server show the repository key I created is installed.
It seems I am missing a critical step when I setup my
own repository.


I'm wondering if I have a bigger problem with my installation and it is
manifesting itself with the client. When I initially
login to the server with my created "admin" password, I always get two
https errors. After I close the error boxes, I'm
presented with the Overview page. I don't see any obvious errors in the
httpd ssl logs.

If someone could direct me to some configuration examples or readmes on
how to set up a personal repository using
spacewalk, I'd be grateful.
thanks. sorry for the length of the post.
Janet Houser
2011-04-11 14:13:41 UTC
Permalink
Issue resolved. A typo in the GPG key URL destination of my personal
repository was the cause. Method of gpg
key generation and key reassignment appears working.

Sorry for the error.
Post by Janet Houser
Hi,
I'm a newbie and just installed spacewalk on my centos 5.5 server. I
chose to install the software with the postgres,
rather than oracle, database.
http://wiki.centos.org/HowTos/PackageManagement/Spacewalk
deviating only slightly to make changes for postgres instead of
oracle. Instructions were taken from the
https://fedorahosted.org/spacewalk/wiki/HowToInstall12
https://fedorahosted.org/spacewalk/wiki/PostgreSQLServerSetup
https://fedorahosted.org/spacewalk/wiki/HowToInstall11
https://fedorahosted.org/spacewalk/wiki/PostgreSQL
Per the instructions I installed and synced the CentOS5 base, update
and spacewalk client channels. I also
setup a client machine and was able to yum install a package from the
CentOS Base repository on my spacewalk
server.
I need to keep separate yum repositories for a few systems who require
specialized rpm installations. Following
the links above, I tried to create a personal yum repository channel
and "sign" the files with my own generated
gpg key (I also imported this key on my client machine).
However, when I try to do a "yum install xxdiff" (and example of an
extra rpm found outside the base repository)
I get the error: Public key for xxdiff-3.2-12.0.cf.rhel5.i386.rpm is
not installed. I tried to import another rpm
without doing a "gpg --resign" on it prior to installation and
recieved the error "Package nxclient-3.4.0-7.i386.rpm is not signed".
xxdiff-3.2-12.0.cf.rhel5.i386.rpm: was already signed by key ID
da5485bc, skipping"
so I know the rpm is signed, and it looks like it is by the correct
gpg key that I created using the command "gpg --gen-key". The key
was exported and then rpm --import -ed to my server. It shows up in
the gpg --list-keys command.
It seems as though the issue is on the client side, but I can't be
sure. When I try to do a "yum install xxdiff", along with the public key
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID b56a8bac
For some reason, it is seeing a different key for the package.
Instead of a yum install, I tried to schedule an install from the
spacewalk server to the client. A push instead of a pull process.
The install failed. A "rhn_check -vvvvvv" on the client showed the
-------
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID b56a8bac
D: May free Score board((nil))
D: Sending back response ((6,), 'Error while executing packages
action: Public key for xxdiff-3.2-12.0.cf.rhel5.i386.rpm is not
installed', {})
XMLRPC ProtocolError: <ProtocolError for mymachine /XMLRPC: 500
Internal Server Error>
-------
I know I'm doing some basic newbie error, but I'm not sure what it
is. BTW, the command "rpm -q gpg-pubkey" on both
the client and server show the repository key I created is installed.
It seems I am missing a critical step when I setup my
own repository.
I'm wondering if I have a bigger problem with my installation and it
is manifesting itself with the client. When I initially
login to the server with my created "admin" password, I always get two
https errors. After I close the error boxes, I'm
presented with the Overview page. I don't see any obvious errors in
the httpd ssl logs.
If someone could direct me to some configuration examples or readmes
on how to set up a personal repository using
spacewalk, I'd be grateful.
thanks. sorry for the length of the post.
Janet Houser
2011-04-12 15:39:45 UTC
Permalink
Unfortunately, this issue is intermittent and remains unsolved. Some
resigned rpms work, others don't. Communication on the client side
appears to be the issue. Perhaps this issue is related to using the
postgres db.

Found a workaround:

On the spacewalk client, edit the file
/etc/yum/pluginconf.d/rhnplugin.conf. Add the name of your
personal spacewalk repository where various gpg signed rpm exist via an
entry of the form:

[my-custom-spacewalk-channel]
gpgcheck = 0

Loading...