Hi Am Mittwoch, 28. September 2022, 20:01:16 CEST schrieb Paul-Andre Panon via Uyuni Users:
Hi,
I've been running into an issue with our CentOS 7 clients. We didn't have this problem before but seem to have it with recent client additions. When trying to change the base and child channels for a CentOS 7 system, the change fails and corrupts the client repo config file at /etc/yum.repos.d/susemanager:channels.repo. The gpgkey= lines somehow have the non-Uyuni repo signing keys still in there, with the Uyuni key on a separate line immediately after. For example [susemanager:centos7-x86_64] name=CentOS 7 (x86_64) enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 file:///etc/pki/rpm-gpg/mgr-gpg-pub.key baseurl=https://carmd-nv-uyuni1.sierrawireless.local:443/rhn/manager/download/centos... susemanager_token=eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2OTUyNDgzNzEsImlhdCI6MTY2MzcxMjM3MSwibmJmIjoxNjYzNzEyMjUxLCJqdGkiOiI0UkhWYWUzU0VnTngwRk1yaXFsWG13Iiwib3JnIjoxLCJvbmx5Q2hhbm5lbHMiOlsiY2VudG9zNy14ODZfNjQiXX0.EoqL2bHAZ4li3FGsXuatKny5BU0qJ1aDbdJifTD_Gkw gpgcheck=1 repo_gpgcheck=1 type=rpm-md
Instead that gpgkey line should just look like gpgkey=file:///etc/pki/rpm-gpg/mgr-gpg-pub.key
It currently only seems to happen with the CentOS 7 clients. Is this a bug in a recent CentOS client update, or a database issue?
No, I think this is ok and also from the syntax it should work, if the man page is correct ------------------------------------------------------ yum.conf(5) - Linux man page ... gpgkey A URL pointing to the ASCII-armored GPG key file for the repository. This option is used if yum needs a public key to verify a package and the required key hasn't been imported into the RPM database. If this option is set, yum will automatically import the key from the specified URL. You will be prompted before the key is installed unless the assumeyes option is set. Multiple URLs may be specified here in the same manner as the baseurl option (above). If a GPG key is required to install a package from a repository, all keys specified for that repository will be installed. ... baseurl Must be a URL to the directory where the yum repository's 'repodata' directory lives. Can be an http://, ftp:// or file:// URL. You can specify multiple URLs in one baseurl statement. The best way to do this is like this: [repositoryid] name=Some name for this repository baseurl=url://server1/path/to/repository/ url://server2/path/to/repository/ url://server3/path/to/repository/ If you list more than one baseurl= statement in a repository you will find yum will ignore the earlier ones and probably act bizarrely. Don't do this, you've been warned. You can use HTTP basic auth by prepending "user:password@" to the server name in the baseurl line. For example: "baseurl=http://user:passwd@example.com/". ------------------------------------------------------ I would say, both keys should be used if you refresh and install from this repo. -- Regards Michael Calmer -------------------------------------------------------------------------- Michael Calmer SUSE Software Solutions Germany GmbH, Frankenstraße 146, D-90461 Nuernberg T: +49 (0) 911 74053 0 F: +49 (0) 911 74053575 - e-mail: Michael.Calmer@suse.com -------------------------------------------------------------------------- SUSE Software Solutions Germany GmbH, GF: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman (HRB 36809, AG Nürnberg)