how to import GPG Keys in Uyuni (RepoMDError: Cannot access repository. Maybe repository GPG keys are not imported)
Hi List, i added " https://downloads.linux.hpe.com/SDR/repo/spp-gen10/SUSE/15/x86_64/current/" as a custom channel in Uyuni. If i want to sync its repo with checked "Has Signed Metadata?" Box i always get this error in my reposync log: RepoMDError: Cannot access repository. Maybe repository GPG keys are not imported If that box is unchecked it syncs fine. - I filled out the "Security: GPG" Fields with data from " https://downloads.linux.hpe.com/SDR/keys.html" - added the Key to "Systems > Autoinstallation > GPG and SSL Keys", and - did rpm --import on my uyuni server Is there a way to add more verbosity to that log so i can ensure i really added the right key (should be gpg-pubkey-26c2b797-5669d0b9)? Thanks, Heiner
Reading https://www.uyuni-project.org/uyuni-docs/en/uyuni/administration/ custom-channels.html#_creating_custom_channels_and_repositories But this part could be more clear, so I will create a card about it, for our doc squad. For now, what I can tell for sure is that if you use `spacewalk-repo-sync`, to sync one of the channels where the repository is used, you will get a question to trust (forever, for now, or to avoid trusting) the GPG key. On lunes, 12 de julio de 2021 16:17:49 (CEST) Heiner Wulfhorst wrote:
Hi List,
i added " https://downloads.linux.hpe.com/SDR/repo/spp-gen10/SUSE/15/x86_64/current/" as a custom channel in Uyuni. If i want to sync its repo with checked "Has Signed Metadata?" Box i always get this error in my reposync log: RepoMDError: Cannot access repository. Maybe repository GPG keys are not imported If that box is unchecked it syncs fine.
- I filled out the "Security: GPG" Fields with data from " https://downloads.linux.hpe.com/SDR/keys.html" - added the Key to "Systems > Autoinstallation > GPG and SSL Keys", and - did rpm --import on my uyuni server
Is there a way to add more verbosity to that log so i can ensure i really added the right key (should be gpg-pubkey-26c2b797-5669d0b9)?
Thanks, Heiner
-- Julio González Gil Release Engineer, SUSE Manager and Uyuni jgonzalez@suse.com
Hi Julio, thanks again, you got me on track again! I also found the doc you mentioned, but they just advise to uncheck the box - for external URLs maybe not the best option. extending that doc seems useful. Your Tip worked for me: I took the command from the log, removed "--non-interactive" and it gave me the option to always trust that key. After that I synced from GUI again and it worked. It would be great if uyuni would trust the key once it is added to "Security: GPG" and/or "Systems > Autoinstallation > GPG and SSL Keys" (like mentioned in my first mail), maybe that's something for a next release ;) BR, Heiner Am Mo., 12. Juli 2021 um 16:30 Uhr schrieb Julio Gonzalez < jgonzalez@suse.com>:
Reading https://www.uyuni-project.org/uyuni-docs/en/uyuni/administration/ custom-channels.html#_creating_custom_channels_and_repositories <https://www.uyuni-project.org/uyuni-docs/en/uyuni/administration/custom-channels.html#_creating_custom_channels_and_repositories>
But this part could be more clear, so I will create a card about it, for our doc squad.
For now, what I can tell for sure is that if you use `spacewalk-repo-sync`, to sync one of the channels where the repository is used, you will get a question to trust (forever, for now, or to avoid trusting) the GPG key.
On lunes, 12 de julio de 2021 16:17:49 (CEST) Heiner Wulfhorst wrote:
Hi List,
i added "
https://downloads.linux.hpe.com/SDR/repo/spp-gen10/SUSE/15/x86_64/current/ "
as a custom channel in Uyuni. If i want to sync its repo with checked "Has Signed Metadata?" Box i always get this error in my reposync log: RepoMDError: Cannot access repository. Maybe repository GPG keys are not imported If that box is unchecked it syncs fine.
- I filled out the "Security: GPG" Fields with data from " https://downloads.linux.hpe.com/SDR/keys.html" - added the Key to "Systems > Autoinstallation > GPG and SSL Keys", and - did rpm --import on my uyuni server
Is there a way to add more verbosity to that log so i can ensure i really added the right key (should be gpg-pubkey-26c2b797-5669d0b9)?
Thanks, Heiner
-- Julio González Gil Release Engineer, SUSE Manager and Uyuni jgonzalez@suse.com
participants (2)
-
Heiner Wulfhorst
-
Julio Gonzalez