Hello,
The version is 4.1.8-1.2.uyuni.noarch (the existing today on the suse
repos).
Thanks for your help.
Nuno
From: Pau Garcia Quiles [mailto:pau.garcia@suse.com]
Sent: 28 May 2020 20:13
To: Nuno Higgs; uyuni-users@opensuse.org
Subject: RE: [uyuni-users] spacewalk-repo-sync - repomd.xml
Hi
What product (Uyuni or SUSE Manager?) and version are we talking about?
This may have been introduced in Uyuni 2020.03 or Uyuni 2020.04 (can't
really remember) when we added support for signed Debian metadata but I
think we have fixed that already.
Thank you
Pau Garcia Quiles
SUSE Manager Product Owner & Technical Project Manager
Phone: +1 385-666-5608
SUSE Software Solutions Spain
_____
De: Nuno Higgs mailto:suse@labs.nuneshiggs.com >
Enviado: jueves, 28 de mayo de 2020 19:56
Para: uyuni-users@opensuse.org mailto:uyuni-users@opensuse.org
mailto:uyuni-users@opensuse.org >
Asunto: [uyuni-users] spacewalk-repo-sync - repomd.xml
Hello all.
I've recently came over form spacewalk to suse manager, and found an issue,
regarding spacewalk-repo-sync, because some of my inhouse software providers
do not sign their repomd.xml file:
# spacewalk-repo-sync --channel inhousechannel
06:42:48 ======================================
06:42:48 | Channel: inhousechannel
06:42:48 ======================================
06:42:48 Sync of channel started.
Preparing custom SSL CAPATH at /var/cache/rhn/reposync/.ssl-certs/1
Retrieving repository 'inhousechannel' metadata
----------------------------------------------------------------[]
Warning: File 'repomd.xml' from repository 'inhousechannel' is unsigned.
Note: Signing data enables the recipient to verify that no modifications
occurred after the data
were signed. Accepting data with no, wrong or unknown signature can lead
to a corrupted system and in extreme cases even to a system compromise.
Note: File 'repomd.xml' is the repositories master index file. It
ensures the integrity of the whole repo.
Warning: We can't verify that no one meddled with this file, so it might
not be trustworthy anymore! You should not continue unless you know it's
safe.
File 'repomd.xml' from repository 'inhousechannel' is unsigned, continue?
[yes/no] (no):
If i press y, the sync will occur, but i was wondering if there is a flag i
can pass for the missing xml signature being ignored?
I know that is a BAD security error to do so, but at the present i really do
not have any choice.
Can you help me please?
Thanks
Nuno