On your Spacewalk server, visit /rhn/keys/CryptoKeysList.do and make
sure you add all GPG keys you want your systems to be able to
reference. In your kickstart profile, visit
rhn/kickstart/KickstartCryptoKeysList.do (System Details, GPG&SSL).
Put a checkbox next to each GPG key you want installed during the
kickstart. These keys will NOT be imported pre-kickstart so you will
be unable to kickstart-install packages from third-party repos unless
you add those keys during %pre.

We have snippets configured in our kickstart to import the GPG keys
required for all packages during the kickstart. For example, I have a
snippet as follows for old RHEL 6 stuff:

# Fetch each key from the Spacewalk server's /pub directory, then import it.
# A failed download or import is only reported; the kickstart continues.
wget -qO /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 \
    http://$http_server/pub/RPM-GPG-KEY-EPEL-6 && \
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
if [ "$?" != 0 ]; then
    echo "Failed to import EPEL-6 key"
fi
wget -qO /etc/pki/rpm-gpg/RPM-GPG-KEY-spacewalk-2015 \
    http://$http_server/pub/RPM-GPG-KEY-spacewalk-2015 && \
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-spacewalk-2015
if [ "$?" != 0 ]; then
    echo "Failed to import Spacewalk-2015 key"
fi
wget -qO /etc/pki/rpm-gpg/RPM-GPG-KEY-splunk \
    http://$http_server/pub/RPM-GPG-KEY-splunk && \
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-splunk
if [ "$?" != 0 ]; then
    echo "Failed to import Splunk key"
fi
wget -qO /etc/pki/rpm-gpg/RPM-GPG-KEY-vmware-tools \
    http://$http_server/pub/RPM-GPG-KEY-vmware-tools && \
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-vmware-tools
if [ "$?" != 0 ]; then
    echo "Failed to import VMware Tools key"
fi

I then reference $SNIPPET('spacewalk/1/import-gpg-keys-el6') as a
"Pre" script in my kickstart profile. This allows me to install the
splunkforwarder and vmware-tools RPM as part of %packages instead of
later or post-kickstart.

/Brian/
On Fri, Mar 6, 2020 at 1:59 PM Stefan Bluhm wrote:
>
> Hello Laurence,
>
> we actually had the question here a few days ago.
>
> The field GPG key on the channel setup is information for the package
> installer on the CLIENT. It tells the package installer on the client where
> to find the GPG key for these packages. You have to enter it from the client
> point of view (in the same format the client would use it). So no URL. It
> must be a client local file location.
>
> 1. When you use Spacewalk to kickstart a server, you can configure the keys
> there and they get deployed on each new build.
> 2. When you provision otherwise, you have to place the non-default keys (i.e.
> not included in the OS) manually onto the server. How about adding the keys
> to a configuration channel and auto-deploying the channel contents on each new
> registration? You could then also use the channel to push new repos/keys to
> all clients, if required.
>
> Best wishes,
>
> Stefan
>
>
>
> From: "Laurence Rosen"
> To: "spacewalk-list"
> Sent: Friday, 6 March 2020 19:29:31
> Subject: [Spacewalk-list] channels and gpg key fields
>
> Is there any doc that describes these fields other than how to fill them out?
> What are they for, as they don't seem to do anything and aren't used by yum
> to automatically add them to a client?
>
> To register new clients, my script has to wget the keys from /pub/gpg on
> my server and save them in /etc/pki/rpm-gpg, but it seems like the channel
> should be able to be utilized somehow.
>
> I have searched quite a bit looking for the answers on my own and thought I
> had seen an old spacewalk-list mention but cannot find it again.
>
> ___
> Spacewalk-list mailing list
> Spacewalk-list@redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
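
The %pre snippet in this thread downloads each key over plain HTTP and only prints a message when the download or import fails. The following is an added example, not code from the thread or from the Spacewalk project: it checks each downloaded key against a pinned SHA-256 digest before importing it and counts the failures. HTTP_SERVER, KEY_DIR, IMPORT_CMD and the function names are assumptions, and the digest shown is a placeholder.

```bash
#!/bin/bash
# Added example, not from the thread: refuse to import a key whose SHA-256
# digest differs from a value pinned in the kickstart.
# Assumptions: HTTP_SERVER stands in for the $http_server template variable;
# IMPORT_CMD is overridable so the logic can be exercised without rpm.
KEY_DIR="${KEY_DIR:-/etc/pki/rpm-gpg}"
IMPORT_CMD="${IMPORT_CMD:-rpm --import}"

# fetch_key NAME: download NAME from the server's /pub directory.
fetch_key() {
    wget -qO "$KEY_DIR/$1" "http://$HTTP_SERVER/pub/$1"
}

# verify_key FILE SHA256: succeed only if FILE is non-empty and matches.
verify_key() {
    [ -s "$1" ] || return 1
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# import_verified_key NAME SHA256: import an already-downloaded key, or
# delete it and fail if the digest check does not pass.
import_verified_key() {
    keyfile="$KEY_DIR/$1"
    if ! verify_key "$keyfile" "$2"; then
        echo "Refusing $1: missing file or digest mismatch" >&2
        rm -f "$keyfile"
        return 1
    fi
    $IMPORT_CMD "$keyfile" || { echo "Failed to import $1" >&2; return 1; }
}

# import_all: read "NAME SHA256" pairs on stdin; the return status is the
# number of keys that were not imported (0 means every key was imported).
import_all() {
    failures=0
    while read -r name digest; do
        [ -n "$name" ] || continue
        import_verified_key "$name" "$digest" || failures=$((failures + 1))
    done
    return "$failures"
}

# In %pre (digest below is a placeholder, not a real value):
#   fetch_key RPM-GPG-KEY-EPEL-6
#   echo "RPM-GPG-KEY-EPEL-6 <sha256-of-your-known-good-copy>" | import_all \
#       || echo "One or more GPG keys were not imported" >&2
```

Record each digest from a copy of the key that was obtained and checked out of band, so that a key altered in transit or on the server is rejected instead of trusted.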