GPG Key errors updating foreman-proxy servers

Support
1

I have been updating my foreman proxy servers to be fully updated now that
I'm running Foreman 1.6.

I ran "yum update foreman*" and when I accepted the packages to be updated
I received this:

The GPG keys listed for the "Foreman stable repository" repository are
already installed but they are not correct for this package.

My proxies are managed using foreman_proxy puppet module. The only way I
was able to get them to update was replace "gpgkey" lines in the repo files
with a "file://" path to /etc/pki/rpm-gpg/RPM-GPG-KEY-foreman and then
manually install the foreman-release RPM to get the file in place. Before
I changed the "gpgkey" line the value was
"http://yum.theforeman.org/RPM-GPG-KEY-foreman". Is this a bug of some
kind, or something else amiss?

Thanks,

  • Trey
2

Hello,

I believe this belongs to:

https://groups.google.com/forum/#!searchin/foreman-announce/gpg/foreman-announce/BiIT784Mb7Q/_iTBJQCIEbEJ

Can you confirm please?

LZ

··· On Mon, Oct 06, 2014 at 09:52:31AM -0700, treydock wrote: > I have been updating my foreman proxy servers to be fully updated now that > I'm running Foreman 1.6. > > I ran "yum update foreman\*" and when I accepted the packages to be updated > I received this: > > The GPG keys listed for the "Foreman stable repository" repository are > already installed but they are not correct for this package. > > My proxies are managed using foreman_proxy puppet module. The only way I > was able to get them to update was replace "gpgkey" lines in the repo files > with a "file://" path to /etc/pki/rpm-gpg/RPM-GPG-KEY-foreman and then > manually install the foreman-release RPM to get the file in place. Before > I changed the "gpgkey" line the value was > "http://yum.theforeman.org/RPM-GPG-KEY-foreman". Is this a bug of some > kind, or something else amiss? > > Thanks, > - Trey > > -- > You received this message because you are subscribed to the Google Groups "Foreman users" group. > To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com. > To post to this group, send email to foreman-users@googlegroups.com. > Visit this group at http://groups.google.com/group/foreman-users. > For more options, visit https://groups.google.com/d/optout.


Later,
Lukas #lzap Zapletal

3

The systems I had to update are already updated. I have others I will
be updating shortly and will try those steps. I knew about the GPG
key change, but could not find steps to replace old with new.

Thanks,

  • Trey
··· On Mon, Oct 6, 2014 at 12:06 PM, Lukas Zapletal wrote: > Hello, > > I believe this belongs to: > > https://groups.google.com/forum/#!searchin/foreman-announce/gpg/foreman-announce/BiIT784Mb7Q/_iTBJQCIEbEJ > > Can you confirm please? > > LZ > > On Mon, Oct 06, 2014 at 09:52:31AM -0700, treydock wrote: >> I have been updating my foreman proxy servers to be fully updated now that >> I'm running Foreman 1.6. >> >> I ran "yum update foreman\*" and when I accepted the packages to be updated >> I received this: >> >> The GPG keys listed for the "Foreman stable repository" repository are >> already installed but they are not correct for this package. >> >> My proxies are managed using foreman_proxy puppet module. The only way I >> was able to get them to update was replace "gpgkey" lines in the repo files >> with a "file://" path to /etc/pki/rpm-gpg/RPM-GPG-KEY-foreman and then >> manually install the foreman-release RPM to get the file in place. Before >> I changed the "gpgkey" line the value was >> "http://yum.theforeman.org/RPM-GPG-KEY-foreman". Is this a bug of some >> kind, or something else amiss? >> >> Thanks, >> - Trey >> >> -- >> You received this message because you are subscribed to the Google Groups "Foreman users" group. >> To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com. >> To post to this group, send email to foreman-users@googlegroups.com. >> Visit this group at http://groups.google.com/group/foreman-users. >> For more options, visit https://groups.google.com/d/optout. > > -- > Later, > Lukas #lzap Zapletal > > -- > You received this message because you are subscribed to a topic in the Google Groups "Foreman users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/topic/foreman-users/QWWeLacqDw4/unsubscribe. > To unsubscribe from this group and all its topics, send an email to foreman-users+unsubscribe@googlegroups.com. > To post to this group, send email to foreman-users@googlegroups.com. > Visit this group at http://groups.google.com/group/foreman-users. > For more options, visit https://groups.google.com/d/optout.
4

Just tried on another host running foreman-proxy:

$ rpm -e gpg-pubkey-e775ff07-4cda3cf9
$ rpm --import http://yum.theforeman.org/RPM-GPG-KEY-foreman
$ rpm -qi gpg-pubkey-1aa043b8-53b2e946 | gpg --with-fingerprint -

··· pub 4096R/1AA043B8 2014-07-01 Foreman Automatic Signing Key (2014) < packages@theforeman.org> Key fingerprint = 7059 542D 5AEA 367F 7873 2D02 B348 4CB7 1AA0 43B8 sub 4096R/3A85FC71 2014-07-01 [expires: 2016-06-30]

$ yum update foreman*
Loaded plugins: downloadonly, fastestmirror
Loading mirror speeds from cached hostfile

  • webmin: download.webmin.com
    Setting up Update Process
    Resolving Dependencies
    –> Running transaction check
    —> Package foreman-installer.noarch 1:1.5.0-1.el6 will be updated
    —> Package foreman-installer.noarch 1:1.6.0-1.el6 will be an update
    –> Processing Dependency: rubygem-apipie-bindings >= 0.0.6 for package:
    1:foreman-installer-1.6.0-1.el6.noarch
    –> Processing Dependency: foreman-selinux for package:
    1:foreman-installer-1.6.0-1.el6.noarch
    —> Package foreman-proxy.noarch 0:1.5.0-1.el6 will be updated
    —> Package foreman-proxy.noarch 0:1.6.0-1.el6 will be an update
    –> Processing Dependency: rubygem(bundler_ext) for package:
    foreman-proxy-1.6.0-1.el6.noarch
    —> Package foreman-release.noarch 0:1.5.0-1.el6 will be updated
    —> Package foreman-release.noarch 0:1.6.0-1.el6 will be an update
    –> Running transaction check
    —> Package foreman-selinux.noarch 0:1.6.0-1.el6 will be installed
    –> Processing Dependency: policycoreutils-python for package:
    foreman-selinux-1.6.0-1.el6.noarch
    –> Processing Dependency: /usr/sbin/semanage for package:
    foreman-selinux-1.6.0-1.el6.noarch
    —> Package rubygem-apipie-bindings.noarch 0:0.0.8-4.el6 will be installed
    –> Processing Dependency: rubygem(fastercsv) for package:
    rubygem-apipie-bindings-0.0.8-4.el6.noarch
    –> Processing Dependency: rubygem(awesome_print) for package:
    rubygem-apipie-bindings-0.0.8-4.el6.noarch
    —> Package rubygem-bundler_ext.noarch 0:0.3.0-6.el6 will be installed
    –> Processing Dependency: rubygem(bundler) for package:
    rubygem-bundler_ext-0.3.0-6.el6.noarch
    –> Running transaction check
    —> Package policycoreutils-python.x86_64 0:2.0.83-19.39.el6 will be
    installed
    –> Processing Dependency: libsemanage-python >= 2.0.43-4 for package:
    policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: audit-libs-python >= 1.4.2-1 for package:
    policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: setools-libs-python for package:
    policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: libselinux-python for package:
    policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: libcgroup for package:
    policycoreutils-python-2.0.83-19.39.el6.x86_64
    —> Package rubygem-awesome_print.noarch 0:1.0.2-10.el6 will be installed
    —> Package rubygem-bundler.noarch 0:1.0.15-3.el6 will be installed
    –> Processing Dependency: rubygem(thor) = 0.14.6 for package:
    rubygem-bundler-1.0.15-3.el6.noarch
    —> Package rubygem-fastercsv.noarch 0:1.5.4-1.el6 will be installed
    –> Running transaction check
    —> Package audit-libs-python.x86_64 0:2.2-4.el6_5 will be installed
    –> Processing Dependency: audit-libs = 2.2-4.el6_5 for package:
    audit-libs-python-2.2-4.el6_5.x86_64
    —> Package libcgroup.x86_64 0:0.40.rc1-6.el6_5.1 will be installed
    —> Package libselinux-python.x86_64 0:2.0.94-5.3.el6_4.1 will be installed
    —> Package libsemanage-python.x86_64 0:2.0.43-4.2.el6 will be installed
    —> Package rubygem-thor.noarch 0:0.14.6-2.el6 will be installed
    —> Package setools-libs-python.x86_64 0:3.3.7-4.el6 will be installed
    –> Processing Dependency: setools-libs = 3.3.7-4.el6 for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libsefs.so.4(VERS_4.0)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libseaudit.so.4(VERS_4.2)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libseaudit.so.4(VERS_4.1)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1(VERS_1.3)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libpoldiff.so.1(VERS_1.3)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libpoldiff.so.1(VERS_1.2)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libapol.so.4(VERS_4.1)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libsefs.so.4()(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libseaudit.so.4()(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1()(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libpoldiff.so.1()(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libapol.so.4()(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Running transaction check
    —> Package audit-libs.x86_64 0:2.2-2.el6 will be updated
    –> Processing Dependency: audit-libs = 2.2-2.el6 for package:
    audit-2.2-2.el6.x86_64
    —> Package audit-libs.x86_64 0:2.2-4.el6_5 will be an update
    —> Package setools-libs.x86_64 0:3.3.7-4.el6 will be installed
    –> Running transaction check
    —> Package audit.x86_64 0:2.2-2.el6 will be updated
    —> Package audit.x86_64 0:2.2-4.el6_5 will be an update
    –> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================================================================================================================
Package Arch
Version
Repository
Size

Updating:
foreman-installer noarch
1:1.6.0-1.el6
foreman_proxy
774 k
foreman-proxy noarch
1.6.0-1.el6
foreman_proxy
90 k
foreman-release noarch
1.6.0-1.el6
foreman_proxy
14 k
Installing for dependencies:
audit-libs-python x86_64
2.2-4.el6_5
centos-updates
59 k
foreman-selinux noarch
1.6.0-1.el6
foreman_proxy
43 k
libcgroup x86_64
0.40.rc1-6.el6_5.1
centos-updates
126 k
libselinux-python x86_64
2.0.94-5.3.el6_4.1
centos-base
202 k
libsemanage-python x86_64
2.0.43-4.2.el6
centos-base
81 k
policycoreutils-python x86_64
2.0.83-19.39.el6
centos-base
343 k
rubygem-apipie-bindings noarch
0.0.8-4.el6
foreman_proxy
20 k
rubygem-awesome_print noarch
1.0.2-10.el6
foreman_proxy
40 k
rubygem-bundler noarch
1.0.15-3.el6
foreman_proxy
260 k
rubygem-bundler_ext noarch
0.3.0-6.el6
foreman_proxy
7.9 k
rubygem-fastercsv noarch
1.5.4-1.el6
epel
299 k
rubygem-thor noarch
0.14.6-2.el6
foreman_proxy
263 k
setools-libs x86_64
3.3.7-4.el6
centos-base
400 k
setools-libs-python x86_64
3.3.7-4.el6
centos-base
222 k
Updating for dependencies:
audit x86_64
2.2-4.el6_5
centos-updates
225 k
audit-libs x86_64
2.2-4.el6_5
centos-updates
60 k

Transaction Summary

Install 14 Package(s)
Upgrade 5 Package(s)

Total size: 3.4 M
Is this ok [y/N]: y
Downloading Packages:
warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, key ID 667d1f07:
NOKEY
Retrieving key from http://yum.theforeman.org/RPM-GPG-KEY-foreman

The GPG keys listed for the “Foreman stable repository” repository are
already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.

$ cat /etc/yum.repos.d/foreman_proxy.repo
[foreman_proxy]
name=Foreman stable repository
baseurl=http://yum.theforeman.org/releases/latest/el6/$basearch
enabled=1
gpgcheck=1
gpgkey=http://yum.theforeman.org/RPM-GPG-KEY-foreman
$ cat /etc/yum.repos.d/foreman_proxy-source.repo
[foreman_proxy-source]
name=Foreman stable source repository
baseurl=http://yum.theforeman.org/releases/latest/el6/source
enabled=0
gpgcheck=1
gpgkey=http://yum.theforeman.org/RPM-GPG-KEY-foreman

Thoughts?

I’ll leave this system not upgraded as a way to help debug the issue.

  • Trey

On Mon, Oct 6, 2014 at 12:06 PM, Lukas Zapletal lzap@redhat.com wrote:

Hello,

I believe this belongs to:

https://groups.google.com/forum/#!searchin/foreman-announce/gpg/foreman-announce/BiIT784Mb7Q/_iTBJQCIEbEJ

Can you confirm please?

LZ

On Mon, Oct 06, 2014 at 09:52:31AM -0700, treydock wrote:

I have been updating my foreman proxy servers to be fully updated now
that
I’m running Foreman 1.6.

I ran “yum update foreman*” and when I accepted the packages to be
updated
I received this:

The GPG keys listed for the “Foreman stable repository” repository are
already installed but they are not correct for this package.

My proxies are managed using foreman_proxy puppet module. The only way I
was able to get them to update was replace “gpgkey” lines in the repo
files
with a “file://” path to /etc/pki/rpm-gpg/RPM-GPG-KEY-foreman and then
manually install the foreman-release RPM to get the file in place.
Before
I changed the “gpgkey” line the value was
"http://yum.theforeman.org/RPM-GPG-KEY-foreman". Is this a bug of some
kind, or something else amiss?

Thanks,

  • Trey


You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Later,
Lukas #lzap Zapletal


You received this message because you are subscribed to a topic in the
Google Groups “Foreman users” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/foreman-users/QWWeLacqDw4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

5

I observed the same problem when using the 1.6 repos on a CentOS 6.5 server. You need to pin the repo to 1.5 instead of "latest".

Best
Felix

··· -- Felix Gilcher Geschäftsführer

m. +49 172 840 88 28

asquera GmbH
Ohlauer Straße 43
D-10999 Berlin

AG Charlottenburg, HRB 140808 B
Geschäftsführung: Felix Gilcher, Florian Gilcher

On 06 Oct 2014, at 20:28, Trey Dockendorf treydock@gmail.com wrote:

Just tried on another host running foreman-proxy:

$ rpm -e gpg-pubkey-e775ff07-4cda3cf9
$ rpm --import http://yum.theforeman.org/RPM-GPG-KEY-foreman
$ rpm -qi gpg-pubkey-1aa043b8-53b2e946 | gpg --with-fingerprint -
pub 4096R/1AA043B8 2014-07-01 Foreman Automatic Signing Key (2014) packages@theforeman.org
Key fingerprint = 7059 542D 5AEA 367F 7873 2D02 B348 4CB7 1AA0 43B8
sub 4096R/3A85FC71 2014-07-01 [expires: 2016-06-30]

$ yum update foreman*
Loaded plugins: downloadonly, fastestmirror
Loading mirror speeds from cached hostfile

  • webmin: download.webmin.com
    Setting up Update Process
    Resolving Dependencies
    –> Running transaction check
    —> Package foreman-installer.noarch 1:1.5.0-1.el6 will be updated
    —> Package foreman-installer.noarch 1:1.6.0-1.el6 will be an update
    –> Processing Dependency: rubygem-apipie-bindings >= 0.0.6 for package: 1:foreman-installer-1.6.0-1.el6.noarch
    –> Processing Dependency: foreman-selinux for package: 1:foreman-installer-1.6.0-1.el6.noarch
    —> Package foreman-proxy.noarch 0:1.5.0-1.el6 will be updated
    —> Package foreman-proxy.noarch 0:1.6.0-1.el6 will be an update
    –> Processing Dependency: rubygem(bundler_ext) for package: foreman-proxy-1.6.0-1.el6.noarch
    —> Package foreman-release.noarch 0:1.5.0-1.el6 will be updated
    —> Package foreman-release.noarch 0:1.6.0-1.el6 will be an update
    –> Running transaction check
    —> Package foreman-selinux.noarch 0:1.6.0-1.el6 will be installed
    –> Processing Dependency: policycoreutils-python for package: foreman-selinux-1.6.0-1.el6.noarch
    –> Processing Dependency: /usr/sbin/semanage for package: foreman-selinux-1.6.0-1.el6.noarch
    —> Package rubygem-apipie-bindings.noarch 0:0.0.8-4.el6 will be installed
    –> Processing Dependency: rubygem(fastercsv) for package: rubygem-apipie-bindings-0.0.8-4.el6.noarch
    –> Processing Dependency: rubygem(awesome_print) for package: rubygem-apipie-bindings-0.0.8-4.el6.noarch
    —> Package rubygem-bundler_ext.noarch 0:0.3.0-6.el6 will be installed
    –> Processing Dependency: rubygem(bundler) for package: rubygem-bundler_ext-0.3.0-6.el6.noarch
    –> Running transaction check
    —> Package policycoreutils-python.x86_64 0:2.0.83-19.39.el6 will be installed
    –> Processing Dependency: libsemanage-python >= 2.0.43-4 for package: policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: audit-libs-python >= 1.4.2-1 for package: policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: setools-libs-python for package: policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: libselinux-python for package: policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: libcgroup for package: policycoreutils-python-2.0.83-19.39.el6.x86_64
    —> Package rubygem-awesome_print.noarch 0:1.0.2-10.el6 will be installed
    —> Package rubygem-bundler.noarch 0:1.0.15-3.el6 will be installed
    –> Processing Dependency: rubygem(thor) = 0.14.6 for package: rubygem-bundler-1.0.15-3.el6.noarch
    —> Package rubygem-fastercsv.noarch 0:1.5.4-1.el6 will be installed
    –> Running transaction check
    —> Package audit-libs-python.x86_64 0:2.2-4.el6_5 will be installed
    –> Processing Dependency: audit-libs = 2.2-4.el6_5 for package: audit-libs-python-2.2-4.el6_5.x86_64
    —> Package libcgroup.x86_64 0:0.40.rc1-6.el6_5.1 will be installed
    —> Package libselinux-python.x86_64 0:2.0.94-5.3.el6_4.1 will be installed
    —> Package libsemanage-python.x86_64 0:2.0.43-4.2.el6 will be installed
    —> Package rubygem-thor.noarch 0:0.14.6-2.el6 will be installed
    —> Package setools-libs-python.x86_64 0:3.3.7-4.el6 will be installed
    –> Processing Dependency: setools-libs = 3.3.7-4.el6 for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libsefs.so.4(VERS_4.0)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libseaudit.so.4(VERS_4.2)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libseaudit.so.4(VERS_4.1)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1(VERS_1.3)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libpoldiff.so.1(VERS_1.3)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libpoldiff.so.1(VERS_1.2)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libapol.so.4(VERS_4.1)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libsefs.so.4()(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libseaudit.so.4()(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1()(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libpoldiff.so.1()(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libapol.so.4()(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Running transaction check
    —> Package audit-libs.x86_64 0:2.2-2.el6 will be updated
    –> Processing Dependency: audit-libs = 2.2-2.el6 for package: audit-2.2-2.el6.x86_64
    —> Package audit-libs.x86_64 0:2.2-4.el6_5 will be an update
    —> Package setools-libs.x86_64 0:3.3.7-4.el6 will be installed
    –> Running transaction check
    —> Package audit.x86_64 0:2.2-2.el6 will be updated
    —> Package audit.x86_64 0:2.2-4.el6_5 will be an update
    –> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================================================================================================================
Package Arch Version Repository Size

Updating:
foreman-installer noarch 1:1.6.0-1.el6 foreman_proxy 774 k
foreman-proxy noarch 1.6.0-1.el6 foreman_proxy 90 k
foreman-release noarch 1.6.0-1.el6 foreman_proxy 14 k
Installing for dependencies:
audit-libs-python x86_64 2.2-4.el6_5 centos-updates 59 k
foreman-selinux noarch 1.6.0-1.el6 foreman_proxy 43 k
libcgroup x86_64 0.40.rc1-6.el6_5.1 centos-updates 126 k
libselinux-python x86_64 2.0.94-5.3.el6_4.1 centos-base 202 k
libsemanage-python x86_64 2.0.43-4.2.el6 centos-base 81 k
policycoreutils-python x86_64 2.0.83-19.39.el6 centos-base 343 k
rubygem-apipie-bindings noarch 0.0.8-4.el6 foreman_proxy 20 k
rubygem-awesome_print noarch 1.0.2-10.el6 foreman_proxy 40 k
rubygem-bundler noarch 1.0.15-3.el6 foreman_proxy 260 k
rubygem-bundler_ext noarch 0.3.0-6.el6 foreman_proxy 7.9 k
rubygem-fastercsv noarch 1.5.4-1.el6 epel 299 k
rubygem-thor noarch 0.14.6-2.el6 foreman_proxy 263 k
setools-libs x86_64 3.3.7-4.el6 centos-base 400 k
setools-libs-python x86_64 3.3.7-4.el6 centos-base 222 k
Updating for dependencies:
audit x86_64 2.2-4.el6_5 centos-updates 225 k
audit-libs x86_64 2.2-4.el6_5 centos-updates 60 k

Transaction Summary

Install 14 Package(s)
Upgrade 5 Package(s)

Total size: 3.4 M
Is this ok [y/N]: y
Downloading Packages:
warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, key ID 667d1f07: NOKEY
Retrieving key from http://yum.theforeman.org/RPM-GPG-KEY-foreman

The GPG keys listed for the “Foreman stable repository” repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.

$ cat /etc/yum.repos.d/foreman_proxy.repo
[foreman_proxy]
name=Foreman stable repository
baseurl=http://yum.theforeman.org/releases/latest/el6/$basearch
enabled=1
gpgcheck=1
gpgkey=http://yum.theforeman.org/RPM-GPG-KEY-foreman
$ cat /etc/yum.repos.d/foreman_proxy-source.repo
[foreman_proxy-source]
name=Foreman stable source repository
baseurl=http://yum.theforeman.org/releases/latest/el6/source
enabled=0
gpgcheck=1
gpgkey=http://yum.theforeman.org/RPM-GPG-KEY-foreman

Thoughts?

I’ll leave this system not upgraded as a way to help debug the issue.

  • Trey

On Mon, Oct 6, 2014 at 12:06 PM, Lukas Zapletal lzap@redhat.com wrote:
Hello,

I believe this belongs to:

https://groups.google.com/forum/#!searchin/foreman-announce/gpg/foreman-announce/BiIT784Mb7Q/_iTBJQCIEbEJ

Can you confirm please?

LZ

On Mon, Oct 06, 2014 at 09:52:31AM -0700, treydock wrote:

I have been updating my foreman proxy servers to be fully updated now that
I’m running Foreman 1.6.

I ran “yum update foreman*” and when I accepted the packages to be updated
I received this:

The GPG keys listed for the “Foreman stable repository” repository are
already installed but they are not correct for this package.

My proxies are managed using foreman_proxy puppet module. The only way I
was able to get them to update was replace “gpgkey” lines in the repo files
with a “file://” path to /etc/pki/rpm-gpg/RPM-GPG-KEY-foreman and then
manually install the foreman-release RPM to get the file in place. Before
I changed the “gpgkey” line the value was
"http://yum.theforeman.org/RPM-GPG-KEY-foreman". Is this a bug of some
kind, or something else amiss?

Thanks,

  • Trey


You received this message because you are subscribed to the Google Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Later,
Lukas #lzap Zapletal


You received this message because you are subscribed to a topic in the Google Groups “Foreman users” group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/foreman-users/QWWeLacqDw4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.

6

In my case I'm attempting to update to 1.6, so am not sure the 1.5 pinning
would help.

  • Trey
··· On Oct 6, 2014 2:52 PM, "Felix Gilcher" wrote:

I observed the same problem when using the 1.6 repos on a CentOS 6.5
server. You need to pin the repo to 1.5 instead of “latest”.

Best
Felix

Felix Gilcher
Geschäftsführer

m. +49 172 840 88 28

asquera GmbH
Ohlauer Straße 43
D-10999 Berlin

AG Charlottenburg, HRB 140808 B
Geschäftsführung: Felix Gilcher, Florian Gilcher

On 06 Oct 2014, at 20:28, Trey Dockendorf treydock@gmail.com wrote:

Just tried on another host running foreman-proxy:

$ rpm -e gpg-pubkey-e775ff07-4cda3cf9
$ rpm --import http://yum.theforeman.org/RPM-GPG-KEY-foreman
$ rpm -qi gpg-pubkey-1aa043b8-53b2e946 | gpg --with-fingerprint -
pub 4096R/1AA043B8 2014-07-01 Foreman Automatic Signing Key (2014) <
packages@theforeman.org>
Key fingerprint = 7059 542D 5AEA 367F 7873 2D02 B348 4CB7 1AA0
43B8
sub 4096R/3A85FC71 2014-07-01 [expires: 2016-06-30]

$ yum update foreman*
Loaded plugins: downloadonly, fastestmirror
Loading mirror speeds from cached hostfile

  • webmin: download.webmin.com
    Setting up Update Process
    Resolving Dependencies
    –> Running transaction check
    —> Package foreman-installer.noarch 1:1.5.0-1.el6 will be updated
    —> Package foreman-installer.noarch 1:1.6.0-1.el6 will be an update
    –> Processing Dependency: rubygem-apipie-bindings >= 0.0.6 for package:
    1:foreman-installer-1.6.0-1.el6.noarch
    –> Processing Dependency: foreman-selinux for package:
    1:foreman-installer-1.6.0-1.el6.noarch
    —> Package foreman-proxy.noarch 0:1.5.0-1.el6 will be updated
    —> Package foreman-proxy.noarch 0:1.6.0-1.el6 will be an update
    –> Processing Dependency: rubygem(bundler_ext) for package:
    foreman-proxy-1.6.0-1.el6.noarch
    —> Package foreman-release.noarch 0:1.5.0-1.el6 will be updated
    —> Package foreman-release.noarch 0:1.6.0-1.el6 will be an update
    –> Running transaction check
    —> Package foreman-selinux.noarch 0:1.6.0-1.el6 will be installed
    –> Processing Dependency: policycoreutils-python for package:
    foreman-selinux-1.6.0-1.el6.noarch
    –> Processing Dependency: /usr/sbin/semanage for package:
    foreman-selinux-1.6.0-1.el6.noarch
    —> Package rubygem-apipie-bindings.noarch 0:0.0.8-4.el6 will be
    installed
    –> Processing Dependency: rubygem(fastercsv) for package:
    rubygem-apipie-bindings-0.0.8-4.el6.noarch
    –> Processing Dependency: rubygem(awesome_print) for package:
    rubygem-apipie-bindings-0.0.8-4.el6.noarch
    —> Package rubygem-bundler_ext.noarch 0:0.3.0-6.el6 will be installed
    –> Processing Dependency: rubygem(bundler) for package:
    rubygem-bundler_ext-0.3.0-6.el6.noarch
    –> Running transaction check
    —> Package policycoreutils-python.x86_64 0:2.0.83-19.39.el6 will be
    installed
    –> Processing Dependency: libsemanage-python >= 2.0.43-4 for package:
    policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: audit-libs-python >= 1.4.2-1 for package:
    policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: setools-libs-python for package:
    policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: libselinux-python for package:
    policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: libcgroup for package:
    policycoreutils-python-2.0.83-19.39.el6.x86_64
    —> Package rubygem-awesome_print.noarch 0:1.0.2-10.el6 will be
    installed
    —> Package rubygem-bundler.noarch 0:1.0.15-3.el6 will be installed
    –> Processing Dependency: rubygem(thor) = 0.14.6 for package:
    rubygem-bundler-1.0.15-3.el6.noarch
    —> Package rubygem-fastercsv.noarch 0:1.5.4-1.el6 will be installed
    –> Running transaction check
    —> Package audit-libs-python.x86_64 0:2.2-4.el6_5 will be installed
    –> Processing Dependency: audit-libs = 2.2-4.el6_5 for package:
    audit-libs-python-2.2-4.el6_5.x86_64
    —> Package libcgroup.x86_64 0:0.40.rc1-6.el6_5.1 will be installed
    —> Package libselinux-python.x86_64 0:2.0.94-5.3.el6_4.1 will be
    installed
    —> Package libsemanage-python.x86_64 0:2.0.43-4.2.el6 will be installed
    —> Package rubygem-thor.noarch 0:0.14.6-2.el6 will be installed
    —> Package setools-libs-python.x86_64 0:3.3.7-4.el6 will be installed
    –> Processing Dependency: setools-libs = 3.3.7-4.el6 for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libsefs.so.4(VERS_4.0)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libseaudit.so.4(VERS_4.2)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libseaudit.so.4(VERS_4.1)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1(VERS_1.3)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libpoldiff.so.1(VERS_1.3)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libpoldiff.so.1(VERS_1.2)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libapol.so.4(VERS_4.1)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libsefs.so.4()(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libseaudit.so.4()(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1()(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libpoldiff.so.1()(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libapol.so.4()(64bit) for package:
    setools-libs-python-3.3.7-4.el6.x86_64
    –> Running transaction check
    —> Package audit-libs.x86_64 0:2.2-2.el6 will be updated
    –> Processing Dependency: audit-libs = 2.2-2.el6 for package:
    audit-2.2-2.el6.x86_64
    —> Package audit-libs.x86_64 0:2.2-4.el6_5 will be an update
    —> Package setools-libs.x86_64 0:3.3.7-4.el6 will be installed
    –> Running transaction check
    —> Package audit.x86_64 0:2.2-2.el6 will be updated
    —> Package audit.x86_64 0:2.2-4.el6_5 will be an update
    –> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================================================================================================================

Package
Arch Version
Repository
Size

=====================================================================================================================================================================================================================================================

Updating:
foreman-installer
noarch 1:1.6.0-1.el6
foreman_proxy
774 k
foreman-proxy
noarch 1.6.0-1.el6
foreman_proxy
90 k
foreman-release
noarch 1.6.0-1.el6
foreman_proxy
14 k
Installing for dependencies:
audit-libs-python
x86_64 2.2-4.el6_5
centos-updates
59 k
foreman-selinux
noarch 1.6.0-1.el6
foreman_proxy
43 k
libcgroup
x86_64 0.40.rc1-6.el6_5.1
centos-updates
126 k
libselinux-python
x86_64 2.0.94-5.3.el6_4.1
centos-base
202 k
libsemanage-python
x86_64 2.0.43-4.2.el6
centos-base
81 k
policycoreutils-python
x86_64 2.0.83-19.39.el6
centos-base
343 k
rubygem-apipie-bindings
noarch 0.0.8-4.el6
foreman_proxy
20 k
rubygem-awesome_print
noarch 1.0.2-10.el6
foreman_proxy
40 k
rubygem-bundler
noarch 1.0.15-3.el6
foreman_proxy
260 k
rubygem-bundler_ext
noarch 0.3.0-6.el6
foreman_proxy
7.9 k
rubygem-fastercsv
noarch 1.5.4-1.el6
epel
299 k
rubygem-thor
noarch 0.14.6-2.el6
foreman_proxy
263 k
setools-libs
x86_64 3.3.7-4.el6
centos-base
400 k
setools-libs-python
x86_64 3.3.7-4.el6
centos-base
222 k
Updating for dependencies:
audit
x86_64 2.2-4.el6_5
centos-updates
225 k
audit-libs
x86_64 2.2-4.el6_5
centos-updates
60 k

Transaction Summary

=====================================================================================================================================================================================================================================================

Install 14 Package(s)
Upgrade 5 Package(s)

Total size: 3.4 M
Is this ok [y/N]: y
Downloading Packages:
warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, key ID
667d1f07: NOKEY
Retrieving key from http://yum.theforeman.org/RPM-GPG-KEY-foreman

The GPG keys listed for the “Foreman stable repository” repository are
already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.

$ cat /etc/yum.repos.d/foreman_proxy.repo
[foreman_proxy]
name=Foreman stable repository
baseurl=http://yum.theforeman.org/releases/latest/el6/$basearch
enabled=1
gpgcheck=1
gpgkey=http://yum.theforeman.org/RPM-GPG-KEY-foreman
$ cat /etc/yum.repos.d/foreman_proxy-source.repo
[foreman_proxy-source]
name=Foreman stable source repository
baseurl=http://yum.theforeman.org/releases/latest/el6/source
enabled=0
gpgcheck=1
gpgkey=http://yum.theforeman.org/RPM-GPG-KEY-foreman

Thoughts?

I’ll leave this system not upgraded as a way to help debug the issue.

  • Trey

On Mon, Oct 6, 2014 at 12:06 PM, Lukas Zapletal lzap@redhat.com wrote:
Hello,

I believe this belongs to:

https://groups.google.com/forum/#!searchin/foreman-announce/gpg/foreman-announce/BiIT784Mb7Q/_iTBJQCIEbEJ

Can you confirm please?

LZ

On Mon, Oct 06, 2014 at 09:52:31AM -0700, treydock wrote:

I have been updating my foreman proxy servers to be fully updated now
that

I’m running Foreman 1.6.

I ran “yum update foreman*” and when I accepted the packages to be
updated

I received this:

The GPG keys listed for the “Foreman stable repository” repository are
already installed but they are not correct for this package.

My proxies are managed using foreman_proxy puppet module. The only
way I

was able to get them to update was replace “gpgkey” lines in the repo
files

with a “file://” path to /etc/pki/rpm-gpg/RPM-GPG-KEY-foreman and then
manually install the foreman-release RPM to get the file in place.
Before

I changed the “gpgkey” line the value was
"http://yum.theforeman.org/RPM-GPG-KEY-foreman". Is this a bug of
some

kind, or something else amiss?

Thanks,

  • Trey


You received this message because you are subscribed to the Google
Groups “Foreman users” group.

To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.

To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Later,
Lukas #lzap Zapletal


You received this message because you are subscribed to a topic in the
Google Groups “Foreman users” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/foreman-users/QWWeLacqDw4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

7

no, I guess that won't help then :frowning:

··· -- Felix Gilcher Geschäftsführer

m. +49 172 840 88 28

asquera GmbH
Ohlauer Straße 43
D-10999 Berlin

AG Charlottenburg, HRB 140808 B
Geschäftsführung: Felix Gilcher, Florian Gilcher

On 06 Oct 2014, at 22:43, Trey Dockendorf treydock@gmail.com wrote:

In my case I’m attempting to update to 1.6, so am not sure the 1.5 pinning would help.

  • Trey

On Oct 6, 2014 2:52 PM, “Felix Gilcher” felix.gilcher@asquera.de wrote:
I observed the same problem when using the 1.6 repos on a CentOS 6.5 server. You need to pin the repo to 1.5 instead of “latest”.

Best
Felix

Felix Gilcher
Geschäftsführer

m. +49 172 840 88 28

asquera GmbH
Ohlauer Straße 43
D-10999 Berlin

AG Charlottenburg, HRB 140808 B
Geschäftsführung: Felix Gilcher, Florian Gilcher

On 06 Oct 2014, at 20:28, Trey Dockendorf treydock@gmail.com wrote:

Just tried on another host running foreman-proxy:

$ rpm -e gpg-pubkey-e775ff07-4cda3cf9
$ rpm --import http://yum.theforeman.org/RPM-GPG-KEY-foreman
$ rpm -qi gpg-pubkey-1aa043b8-53b2e946 | gpg --with-fingerprint -
pub 4096R/1AA043B8 2014-07-01 Foreman Automatic Signing Key (2014) packages@theforeman.org
Key fingerprint = 7059 542D 5AEA 367F 7873 2D02 B348 4CB7 1AA0 43B8
sub 4096R/3A85FC71 2014-07-01 [expires: 2016-06-30]

$ yum update foreman*
Loaded plugins: downloadonly, fastestmirror
Loading mirror speeds from cached hostfile

  • webmin: download.webmin.com
    Setting up Update Process
    Resolving Dependencies
    –> Running transaction check
    —> Package foreman-installer.noarch 1:1.5.0-1.el6 will be updated
    —> Package foreman-installer.noarch 1:1.6.0-1.el6 will be an update
    –> Processing Dependency: rubygem-apipie-bindings >= 0.0.6 for package: 1:foreman-installer-1.6.0-1.el6.noarch
    –> Processing Dependency: foreman-selinux for package: 1:foreman-installer-1.6.0-1.el6.noarch
    —> Package foreman-proxy.noarch 0:1.5.0-1.el6 will be updated
    —> Package foreman-proxy.noarch 0:1.6.0-1.el6 will be an update
    –> Processing Dependency: rubygem(bundler_ext) for package: foreman-proxy-1.6.0-1.el6.noarch
    —> Package foreman-release.noarch 0:1.5.0-1.el6 will be updated
    —> Package foreman-release.noarch 0:1.6.0-1.el6 will be an update
    –> Running transaction check
    —> Package foreman-selinux.noarch 0:1.6.0-1.el6 will be installed
    –> Processing Dependency: policycoreutils-python for package: foreman-selinux-1.6.0-1.el6.noarch
    –> Processing Dependency: /usr/sbin/semanage for package: foreman-selinux-1.6.0-1.el6.noarch
    —> Package rubygem-apipie-bindings.noarch 0:0.0.8-4.el6 will be installed
    –> Processing Dependency: rubygem(fastercsv) for package: rubygem-apipie-bindings-0.0.8-4.el6.noarch
    –> Processing Dependency: rubygem(awesome_print) for package: rubygem-apipie-bindings-0.0.8-4.el6.noarch
    —> Package rubygem-bundler_ext.noarch 0:0.3.0-6.el6 will be installed
    –> Processing Dependency: rubygem(bundler) for package: rubygem-bundler_ext-0.3.0-6.el6.noarch
    –> Running transaction check
    —> Package policycoreutils-python.x86_64 0:2.0.83-19.39.el6 will be installed
    –> Processing Dependency: libsemanage-python >= 2.0.43-4 for package: policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: audit-libs-python >= 1.4.2-1 for package: policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: setools-libs-python for package: policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: libselinux-python for package: policycoreutils-python-2.0.83-19.39.el6.x86_64
    –> Processing Dependency: libcgroup for package: policycoreutils-python-2.0.83-19.39.el6.x86_64
    —> Package rubygem-awesome_print.noarch 0:1.0.2-10.el6 will be installed
    —> Package rubygem-bundler.noarch 0:1.0.15-3.el6 will be installed
    –> Processing Dependency: rubygem(thor) = 0.14.6 for package: rubygem-bundler-1.0.15-3.el6.noarch
    —> Package rubygem-fastercsv.noarch 0:1.5.4-1.el6 will be installed
    –> Running transaction check
    —> Package audit-libs-python.x86_64 0:2.2-4.el6_5 will be installed
    –> Processing Dependency: audit-libs = 2.2-4.el6_5 for package: audit-libs-python-2.2-4.el6_5.x86_64
    —> Package libcgroup.x86_64 0:0.40.rc1-6.el6_5.1 will be installed
    —> Package libselinux-python.x86_64 0:2.0.94-5.3.el6_4.1 will be installed
    —> Package libsemanage-python.x86_64 0:2.0.43-4.2.el6 will be installed
    —> Package rubygem-thor.noarch 0:0.14.6-2.el6 will be installed
    —> Package setools-libs-python.x86_64 0:3.3.7-4.el6 will be installed
    –> Processing Dependency: setools-libs = 3.3.7-4.el6 for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libsefs.so.4(VERS_4.0)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libseaudit.so.4(VERS_4.2)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libseaudit.so.4(VERS_4.1)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1(VERS_1.3)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libpoldiff.so.1(VERS_1.3)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libpoldiff.so.1(VERS_1.2)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libapol.so.4(VERS_4.1)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libsefs.so.4()(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libseaudit.so.4()(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libqpol.so.1()(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libpoldiff.so.1()(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Processing Dependency: libapol.so.4()(64bit) for package: setools-libs-python-3.3.7-4.el6.x86_64
    –> Running transaction check
    —> Package audit-libs.x86_64 0:2.2-2.el6 will be updated
    –> Processing Dependency: audit-libs = 2.2-2.el6 for package: audit-2.2-2.el6.x86_64
    —> Package audit-libs.x86_64 0:2.2-4.el6_5 will be an update
    —> Package setools-libs.x86_64 0:3.3.7-4.el6 will be installed
    –> Running transaction check
    —> Package audit.x86_64 0:2.2-2.el6 will be updated
    —> Package audit.x86_64 0:2.2-4.el6_5 will be an update
    –> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================================================================================================================
Package Arch Version Repository Size

Updating:
foreman-installer noarch 1:1.6.0-1.el6 foreman_proxy 774 k
foreman-proxy noarch 1.6.0-1.el6 foreman_proxy 90 k
foreman-release noarch 1.6.0-1.el6 foreman_proxy 14 k
Installing for dependencies:
audit-libs-python x86_64 2.2-4.el6_5 centos-updates 59 k
foreman-selinux noarch 1.6.0-1.el6 foreman_proxy 43 k
libcgroup x86_64 0.40.rc1-6.el6_5.1 centos-updates 126 k
libselinux-python x86_64 2.0.94-5.3.el6_4.1 centos-base 202 k
libsemanage-python x86_64 2.0.43-4.2.el6 centos-base 81 k
policycoreutils-python x86_64 2.0.83-19.39.el6 centos-base 343 k
rubygem-apipie-bindings noarch 0.0.8-4.el6 foreman_proxy 20 k
rubygem-awesome_print noarch 1.0.2-10.el6 foreman_proxy 40 k
rubygem-bundler noarch 1.0.15-3.el6 foreman_proxy 260 k
rubygem-bundler_ext noarch 0.3.0-6.el6 foreman_proxy 7.9 k
rubygem-fastercsv noarch 1.5.4-1.el6 epel 299 k
rubygem-thor noarch 0.14.6-2.el6 foreman_proxy 263 k
setools-libs x86_64 3.3.7-4.el6 centos-base 400 k
setools-libs-python x86_64 3.3.7-4.el6 centos-base 222 k
Updating for dependencies:
audit x86_64 2.2-4.el6_5 centos-updates 225 k
audit-libs x86_64 2.2-4.el6_5 centos-updates 60 k

Transaction Summary

Install 14 Package(s)
Upgrade 5 Package(s)

Total size: 3.4 M
Is this ok [y/N]: y
Downloading Packages:
warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, key ID 667d1f07: NOKEY
Retrieving key from http://yum.theforeman.org/RPM-GPG-KEY-foreman

The GPG keys listed for the “Foreman stable repository” repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.

$ cat /etc/yum.repos.d/foreman_proxy.repo
[foreman_proxy]
name=Foreman stable repository
baseurl=http://yum.theforeman.org/releases/latest/el6/$basearch
enabled=1
gpgcheck=1
gpgkey=http://yum.theforeman.org/RPM-GPG-KEY-foreman
$ cat /etc/yum.repos.d/foreman_proxy-source.repo
[foreman_proxy-source]
name=Foreman stable source repository
baseurl=http://yum.theforeman.org/releases/latest/el6/source
enabled=0
gpgcheck=1
gpgkey=http://yum.theforeman.org/RPM-GPG-KEY-foreman

Thoughts?

I’ll leave this system not upgraded as a way to help debug the issue.

  • Trey

On Mon, Oct 6, 2014 at 12:06 PM, Lukas Zapletal lzap@redhat.com wrote:
Hello,

I believe this belongs to:

https://groups.google.com/forum/#!searchin/foreman-announce/gpg/foreman-announce/BiIT784Mb7Q/_iTBJQCIEbEJ

Can you confirm please?

LZ

On Mon, Oct 06, 2014 at 09:52:31AM -0700, treydock wrote:

I have been updating my foreman proxy servers to be fully updated now that
I’m running Foreman 1.6.

I ran “yum update foreman*” and when I accepted the packages to be updated
I received this:

The GPG keys listed for the “Foreman stable repository” repository are
already installed but they are not correct for this package.

My proxies are managed using foreman_proxy puppet module. The only way I
was able to get them to update was replace “gpgkey” lines in the repo files
with a “file://” path to /etc/pki/rpm-gpg/RPM-GPG-KEY-foreman and then
manually install the foreman-release RPM to get the file in place. Before
I changed the “gpgkey” line the value was
"http://yum.theforeman.org/RPM-GPG-KEY-foreman". Is this a bug of some
kind, or something else amiss?

Thanks,

  • Trey


You received this message because you are subscribed to the Google Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Later,
Lukas #lzap Zapletal


You received this message

8

I'm struggling with the same issue actually. I think the problem comes from
this statement:

Foreman 1.4 and 1.5 RPMs have been re-signed and a -2 package released
> to update foreman-release.rpm with the new public key.
> As above, new keys will be used for major releases going forward.
>

If you look at Foreman :: Security, you'll see that
Foreman 1.6 was signed with a new 1.6 release key that doesn't look to be
available as a flat key outside of the foreman-release.rpm package. I'm
trying to figure out a way to extract the key from the foreman-release.rpm
package without actually installing the package on my server.

It would be nice if the public key was available from
http://yum.theforeman.org so that I could just download it when I sync the
Foreman packages, since I host the packages on my internal network.

··· On Monday, October 6, 2014 4:44:22 PM UTC-4, Felix Gilcher wrote: > > no, I guess that won't help then :( > -- > Felix Gilcher > Geschäftsführer > > m. +49 172 840 88 28 > > asquera GmbH > Ohlauer Straße 43 > D-10999 Berlin > > AG Charlottenburg, HRB 140808 B > Geschäftsführung: Felix Gilcher, Florian Gilcher > > On 06 Oct 2014, at 22:43, Trey Dockendorf <trey...@gmail.com > > wrote: > > > In my case I'm attempting to update to 1.6, so am not sure the 1.5 > pinning would help. > > > > - Trey > > > > On Oct 6, 2014 2:52 PM, "Felix Gilcher" > wrote: > > I observed the same problem when using the 1.6 repos on a CentOS 6.5 > server. You need to pin the repo to 1.5 instead of "latest". > > > > Best > > Felix > > -- > > Felix Gilcher > > Geschäftsführer > > > > m. +49 172 840 88 28 > > > > asquera GmbH > > Ohlauer Straße 43 > > D-10999 Berlin > > > > AG Charlottenburg, HRB 140808 B > > Geschäftsführung: Felix Gilcher, Florian Gilcher > > > > On 06 Oct 2014, at 20:28, Trey Dockendorf > wrote: > > > > > Just tried on another host running foreman-proxy: > > > > > > $ rpm -e gpg-pubkey-e775ff07-4cda3cf9 > > > $ rpm --import http://yum.theforeman.org/RPM-GPG-KEY-foreman > > > $ rpm -qi gpg-pubkey-1aa043b8-53b2e946 | gpg --with-fingerprint - > > > pub 4096R/1AA043B8 2014-07-01 Foreman Automatic Signing Key (2014) < > pack...@theforeman.org > > > > Key fingerprint = 7059 542D 5AEA 367F 7873 2D02 B348 4CB7 1AA0 > 43B8 > > > sub 4096R/3A85FC71 2014-07-01 [expires: 2016-06-30] > > > > > > $ yum update foreman\* > > > Loaded plugins: downloadonly, fastestmirror > > > Loading mirror speeds from cached hostfile > > > * webmin: download.webmin.com > > > Setting up Update Process > > > Resolving Dependencies > > > --> Running transaction check > > > ---> Package foreman-installer.noarch 1:1.5.0-1.el6 will be updated > > > ---> Package foreman-installer.noarch 1:1.6.0-1.el6 will be an update > > > --> Processing Dependency: rubygem-apipie-bindings >= 0.0.6 for > package: 1:foreman-installer-1.6.0-1.el6.noarch > > > --> Processing Dependency: foreman-selinux for package: > 1:foreman-installer-1.6.0-1.el6.noarch > > > ---> Package foreman-proxy.noarch 0:1.5.0-1.el6 will be updated > > > ---> Package foreman-proxy.noarch 0:1.6.0-1.el6 will be an update > > > --> Processing Dependency: rubygem(bundler_ext) for package: > foreman-proxy-1.6.0-1.el6.noarch > > > ---> Package foreman-release.noarch 0:1.5.0-1.el6 will be updated > > > ---> Package foreman-release.noarch 0:1.6.0-1.el6 will be an update > > > --> Running transaction check > > > ---> Package foreman-selinux.noarch 0:1.6.0-1.el6 will be installed > > > --> Processing Dependency: policycoreutils-python for package: > foreman-selinux-1.6.0-1.el6.noarch > > > --> Processing Dependency: /usr/sbin/semanage for package: > foreman-selinux-1.6.0-1.el6.noarch > > > ---> Package rubygem-apipie-bindings.noarch 0:0.0.8-4.el6 will be > installed > > > --> Processing Dependency: rubygem(fastercsv) for package: > rubygem-apipie-bindings-0.0.8-4.el6.noarch > > > --> Processing Dependency: rubygem(awesome_print) for package: > rubygem-apipie-bindings-0.0.8-4.el6.noarch > > > ---> Package rubygem-bundler_ext.noarch 0:0.3.0-6.el6 will be > installed > > > --> Processing Dependency: rubygem(bundler) for package: > rubygem-bundler_ext-0.3.0-6.el6.noarch > > > --> Running transaction check > > > ---> Package policycoreutils-python.x86_64 0:2.0.83-19.39.el6 will be > installed > > > --> Processing Dependency: libsemanage-python >= 2.0.43-4 for package: > policycoreutils-python-2.0.83-19.39.el6.x86_64 > > > --> Processing Dependency: audit-libs-python >= 1.4.2-1 for package: > policycoreutils-python-2.0.83-19.39.el6.x86_64 > > > --> Processing Dependency: setools-libs-python for package: > policycoreutils-python-2.0.83-19.39.el6.x86_64 > > > --> Processing Dependency: libselinux-python for package: > policycoreutils-python-2.0.83-19.39.el6.x86_64 > > > --> Processing Dependency: libcgroup for package: > policycoreutils-python-2.0.83-19.39.el6.x86_64 > > > ---> Package rubygem-awesome_print.noarch 0:1.0.2-10.el6 will be > installed > > > ---> Package rubygem-bundler.noarch 0:1.0.15-3.el6 will be installed > > > --> Processing Dependency: rubygem(thor) = 0.14.6 for package: > rubygem-bundler-1.0.15-3.el6.noarch > > > ---> Package rubygem-fastercsv.noarch 0:1.5.4-1.el6 will be installed > > > --> Running transaction check > > > ---> Package audit-libs-python.x86_64 0:2.2-4.el6_5 will be installed > > > --> Processing Dependency: audit-libs = 2.2-4.el6_5 for package: > audit-libs-python-2.2-4.el6_5.x86_64 > > > ---> Package libcgroup.x86_64 0:0.40.rc1-6.el6_5.1 will be installed > > > ---> Package libselinux-python.x86_64 0:2.0.94-5.3.el6_4.1 will be > installed > > > ---> Package libsemanage-python.x86_64 0:2.0.43-4.2.el6 will be > installed > > > ---> Package rubygem-thor.noarch 0:0.14.6-2.el6 will be installed > > > ---> Package setools-libs-python.x86_64 0:3.3.7-4.el6 will be > installed > > > --> Processing Dependency: setools-libs = 3.3.7-4.el6 for package: > setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libsefs.so.4(VERS_4.0)(64bit) for package: > setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libseaudit.so.4(VERS_4.2)(64bit) for > package: setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libseaudit.so.4(VERS_4.1)(64bit) for > package: setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: > setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libqpol.so.1(VERS_1.3)(64bit) for package: > setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: > setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libpoldiff.so.1(VERS_1.3)(64bit) for > package: setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libpoldiff.so.1(VERS_1.2)(64bit) for > package: setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libapol.so.4(VERS_4.1)(64bit) for package: > setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: > setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libsefs.so.4()(64bit) for package: > setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libseaudit.so.4()(64bit) for package: > setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libqpol.so.1()(64bit) for package: > setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libpoldiff.so.1()(64bit) for package: > setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Processing Dependency: libapol.so.4()(64bit) for package: > setools-libs-python-3.3.7-4.el6.x86_64 > > > --> Running transaction check > > > ---> Package audit-libs.x86_64 0:2.2-2.el6 will be updated > > > --> Processing Dependency: audit-libs = 2.2-2.el6 for package: > audit-2.2-2.el6.x86_64 > > > ---> Package audit-libs.x86_64 0:2.2-4.el6_5 will be an update > > > ---> Package setools-libs.x86_64 0:3.3.7-4.el6 will be installed > > > --> Running transaction check > > > ---> Package audit.x86_64 0:2.2-2.el6 will be updated > > > ---> Package audit.x86_64 0:2.2-4.el6_5 will be an update > > > --> Finished Dependency Resolution > > > > > > Dependencies Resolved > > > > > > > ===================================================================================================================================================================================================================================================== > > > > Package > Arch Version > Repository > Size > > > > ===================================================================================================================================================================================================================================================== > > > > Updating: > > > foreman-installer > noarch 1:1.6.0-1.el6 > foreman_proxy > 774 k > > > foreman-proxy > noarch 1.6.0-1.el6 > foreman_proxy > 90 k > > > foreman-release > noarch 1.6.0-1.el6 > foreman_proxy > 14 k > > > Installing for dependencies: > > > audit-libs-python > x86_64 2.2-4.el6_5 > centos-updates > 59 k > > > foreman-selinux > noarch 1.6.0-1.el6 > foreman_proxy > 43 k > > > libcgroup > x86_64 0.40.rc1-6.el6_5.1 > centos-updates > 126 k > > > libselinux-python > x86_64 2.0.94-5.3.el6_4.1 > centos-base > 202 k > > > libsemanage-python > x86_64 2.0.43-4.2.el6 > centos-base > 81 k > > > policycoreutils-python > x86_64 2.0.83-19.39.el6 > centos-base > 343 k > > > rubygem-apipie-bindings > noarch 0.0.8-4.el6 > foreman_proxy > 20 k > > > rubygem-awesome_print > noarch 1.0.2-10.el6 > foreman_proxy > 40 k > > > rubygem-bundler > noarch 1.0.15-3.el6 > foreman_proxy > 260 k > > > rubygem-bundler_ext > noarch 0.3.0-6.el6 > foreman_proxy > 7.9 k > > > rubygem-fastercsv > noarch 1.5.4-1.el6 > epel > 299 k > > > rubygem-thor > noarch 0.14.6-2.el6 > foreman_proxy > 263 k > > > setools-libs > x86_64 3.3.7-4.el6 > centos-base > 400 k > > > setools-libs-python > x86_64 3.3.7-4.el6 > centos-base > 222 k > > > Updating for dependencies: > > > audit > x86_64 2.2-4.el6_5 > centos-updates > 225 k > > > audit-libs > x86_64 2.2-4.el6_5 > centos-updates > 60 k > > > > > > Transaction Summary > > > > ===================================================================================================================================================================================================================================================== > > > > Install 14 Package(s) > > > Upgrade 5 Package(s) > > > > > > Total size: 3.4 M > > > Is this ok [y/N]: y > > > Downloading Packages: > > > warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, key ID > 667d1f07: NOKEY > > > Retrieving key from http://yum.theforeman.org/RPM-GPG-KEY-foreman > > > > > > > > > The GPG keys listed for the "Foreman stable repository" repository are > already installed but they are not correct for this package. > > > Check that the correct key URLs are configured for this repository. > > > > > > $ cat /etc/yum.repos.d/foreman_proxy.repo > > > [foreman_proxy] > > > name=Foreman stable repository > > > baseurl=http://yum.theforeman.org/releases/latest/el6/$basearch > > > enabled=1 > > > gpgcheck=1 > > > gpgkey=http://yum.theforeman.org/RPM-GPG-KEY-foreman > > > $ cat /etc/yum.repos.d/foreman_proxy-source.repo > > > [foreman_proxy-source] > > > name=Foreman stable source repository > > > baseurl=http://yum.theforeman.org/releases/latest/el6/source > > > enabled=0 > > > gpgcheck=1 > > > gpgkey=http://yum.theforeman.org/RPM-GPG-KEY-foreman > > > > > > Thoughts? > > > > > > I'll leave this system not upgraded as a way to help debug the issue. > > > > > > - Trey > > > > > > On Mon, Oct 6, 2014 at 12:06 PM, Lukas Zapletal > wrote: > > > Hello, > > > > > > I believe this belongs to: > > > > > > > https://groups.google.com/forum/#!searchin/foreman-announce/gpg/foreman-announce/BiIT784Mb7Q/_iTBJQCIEbEJ > > > > > > Can you co
9

Download the RPM, then do "rpm2cpio foreman-release.rpm | cpio -dimv".
That will exact contents into current directory. I wrote a gpg_key
provider for Puppet 1 which I'd integrate into the Puppet modules used by
theforeman project, but if it's not available at yum.theforeman.org then
using the key as a flat file in the Puppet modules may be something the
devs don't want to do.

If I'm wrong and using a gpg_key provider and managing the gpg_key via the
Puppet modules is something that would be accepted, let me know :slight_smile:

  • Trey
··· On Mon, Oct 6, 2014 at 4:33 PM, Michael Griffin wrote:

I’m struggling with the same issue actually. I think the problem comes
from this statement:

Foreman 1.4 and 1.5 RPMs have been re-signed and a -2 package released

to update foreman-release.rpm with the new public key.
As above, new keys will be used for major releases going forward.

If you look at Foreman :: Security, you’ll see
that Foreman 1.6 was signed with a new 1.6 release key that doesn’t look to
be available as a flat key outside of the foreman-release.rpm package. I’m
trying to figure out a way to extract the key from the foreman-release.rpm
package without actually installing the package on my server.

It would be nice if the public key was available from
http://yum.theforeman.org so that I could just download it when I sync
the Foreman packages, since I host the packages on my internal network.

On Monday, October 6, 2014 4:44:22 PM UTC-4, Felix Gilcher wrote:

no, I guess that won’t help then :frowning:

Felix Gilcher
Geschäftsführer

m. +49 172 840 88 28

asquera GmbH
Ohlauer Straße 43
D-10999 Berlin

AG Charlottenburg, HRB 140808 B
Geschäftsführung: Felix Gilcher, Florian Gilcher

On 06 Oct 2014, at 22:43, Trey Dockendorf trey...@gmail.com wrote:

In my case I’m attempting to update to 1.6, so am not sure the 1.5
pinning would help.

  • Trey

On Oct 6, 2014 2:52 PM, “Felix Gilcher” felix....@asquera.de wrote:
I observed the same problem when using the 1.6 repos on a CentOS 6.5
server. You need to pin the repo to 1.5 instead of “latest”.

Best
Felix

Felix Gilcher
Geschäftsführer

m. +49 172 840 88 28

asquera GmbH
Ohlauer Straße 43
D-10999 Berlin

AG Charlottenburg, HRB 140808 B
Geschäftsführung: Felix Gilcher, Florian Gilcher

On 06 Oct 2014, at 20:28, Trey Dockendorf trey...@gmail.com wrote:

Just tried on another host running foreman-proxy:

$ rpm -e gpg-pubkey-e775ff07-4cda3cf9
$ rpm --import http://yum.theforeman.org/RPM-GPG-KEY-foreman
$ rpm -qi gpg-pubkey-1aa043b8-53b2e946 | gpg --with-fingerprint -
pub 4096R/1AA043B8 2014-07-01 Foreman Automatic Signing Key (2014) <
pack...@theforeman.org>

  Key fingerprint = 7059 542D 5AEA 367F 7873  2D02 B348 4CB7 1AA0

43B8

sub 4096R/3A85FC71 2014-07-01 [expires: 2016-06-30]

$ yum update foreman*
Loaded plugins: downloadonly, fastestmirror
Loading mirror speeds from cached hostfile

  • webmin: download.webmin.com
    Setting up Update Process
    Resolving Dependencies
    –> Running transaction check
    —> Package foreman-installer.noarch 1:1.5.0-1.el6 will be updated
    —> Package foreman-installer.noarch 1:1.6.0-1.el6 will be an update
    –> Processing Dependency: rubygem-apipie-bindings >= 0.0.6 for
    package: 1:foreman-installer-1.6.0-1.el6.noarch

–> Processing Dependency: foreman-selinux for package:
1:foreman-installer-1.6.0-1.el6.noarch

—> Package foreman-proxy.noarch 0:1.5.0-1.el6 will be updated
—> Package foreman-proxy.noarch 0:1.6.0-1.el6 will be an update
–> Processing Dependency: rubygem(bundler_ext) for package:
foreman-proxy-1.6.0-1.el6.noarch

—> Package foreman-release.noarch 0:1.5.0-1.el6 will be updated
—> Package foreman-release.noarch 0:1.6.0-1.el6 will be an update
–> Running transaction check
—> Package foreman-selinux.noarch 0:1.6.0-1.el6 will be installed
–> Processing Dependency: policycoreutils-python for package:
foreman-selinux-1.6.0-1.el6.noarch

–> Processing Dependency: /usr/sbin/semanage for package:
foreman-selinux-1.6.0-1.el6.noarch

—> Package rubygem-apipie-bindings.noarch 0:0.0.8-4.el6 will be
installed

–> Processing Dependency: rubygem(fastercsv) for package:
rubygem-apipie-bindings-0.0.8-4.el6.noarch

–> Processing Dependency: rubygem(awesome_print) for package:
rubygem-apipie-bindings-0.0.8-4.el6.noarch

—> Package rubygem-bundler_ext.noarch 0:0.3.0-6.el6 will be
installed

–> Processing Dependency: rubygem(bundler) for package:
rubygem-bundler_ext-0.3.0-6.el6.noarch

–> Running transaction check
—> Package policycoreutils-python.x86_64 0:2.0.83-19.39.el6 will be
installed

–> Processing Dependency: libsemanage-python >= 2.0.43-4 for
package: policycoreutils-python-2.0.83-19.39.el6.x86_64

–> Processing Dependency: audit-libs-python >= 1.4.2-1 for package:
policycoreutils-python-2.0.83-19.39.el6.x86_64

–> Processing Dependency: setools-libs-python for package:
policycoreutils-python-2.0.83-19.39.el6.x86_64

–> Processing Dependency: libselinux-python for package:
policycoreutils-python-2.0.83-19.39.el6.x86_64

–> Processing Dependency: libcgroup for package:
policycoreutils-python-2.0.83-19.39.el6.x86_64

—> Package rubygem-awesome_print.noarch 0:1.0.2-10.el6 will be
installed

—> Package rubygem-bundler.noarch 0:1.0.15-3.el6 will be installed
–> Processing Dependency: rubygem(thor) = 0.14.6 for package:
rubygem-bundler-1.0.15-3.el6.noarch

—> Package rubygem-fastercsv.noarch 0:1.5.4-1.el6 will be installed
–> Running transaction check
—> Package audit-libs-python.x86_64 0:2.2-4.el6_5 will be installed
–> Processing Dependency: audit-libs = 2.2-4.el6_5 for package:
audit-libs-python-2.2-4.el6_5.x86_64

—> Package libcgroup.x86_64 0:0.40.rc1-6.el6_5.1 will be installed
—> Package libselinux-python.x86_64 0:2.0.94-5.3.el6_4.1 will be
installed

—> Package libsemanage-python.x86_64 0:2.0.43-4.2.el6 will be
installed

—> Package rubygem-thor.noarch 0:0.14.6-2.el6 will be installed
—> Package setools-libs-python.x86_64 0:3.3.7-4.el6 will be
installed

–> Processing Dependency: setools-libs = 3.3.7-4.el6 for package:
setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libsefs.so.4(VERS_4.0)(64bit) for package:
setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libseaudit.so.4(VERS_4.2)(64bit) for
package: setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libseaudit.so.4(VERS_4.1)(64bit) for
package: setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package:
setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libqpol.so.1(VERS_1.3)(64bit) for package:
setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package:
setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libpoldiff.so.1(VERS_1.3)(64bit) for
package: setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libpoldiff.so.1(VERS_1.2)(64bit) for
package: setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libapol.so.4(VERS_4.1)(64bit) for package:
setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package:
setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libsefs.so.4()(64bit) for package:
setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libseaudit.so.4()(64bit) for package:
setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libqpol.so.1()(64bit) for package:
setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libpoldiff.so.1()(64bit) for package:
setools-libs-python-3.3.7-4.el6.x86_64

–> Processing Dependency: libapol.so.4()(64bit) for package:
setools-libs-python-3.3.7-4.el6.x86_64

–> Running transaction check
—> Package audit-libs.x86_64 0:2.2-2.el6 will be updated
–> Processing Dependency: audit-libs = 2.2-2.el6 for package:
audit-2.2-2.el6.x86_64

—> Package audit-libs.x86_64 0:2.2-4.el6_5 will be an update
—> Package setools-libs.x86_64 0:3.3.7-4.el6 will be installed
–> Running transaction check
—> Package audit.x86_64 0:2.2-2.el6 will be updated
—> Package audit.x86_64 0:2.2-4.el6_5 will be an update
–> Finished Dependency Resolution

Dependencies Resolved

============================================================
============================================================
============================================================
=================================================================

Package
Arch Version
Repository
Size

============================================================
============================================================
============================================================
=================================================================

Updating:
foreman-installer
noarch 1:1.6.0-1.el6
foreman_proxy
774 k

foreman-proxy
noarch 1.6.0-1.el6
foreman_proxy
90 k

foreman-release
noarch 1.6.0-1.el6
foreman_proxy
14 k

Installing for dependencies:
audit-libs-python
x86_64 2.2-4.el6_5
centos-updates
59 k

foreman-selinux
noarch 1.6.0-1.el6
foreman_proxy
43 k

libcgroup
x86_64 0.40.rc1-6.el6_5.1
centos-updates
126 k

libselinux-python
x86_64 2.0.94-5.3.el6_4.1
centos-base
202 k

libsemanage-python
x86_64 2.0.43-4.2.el6
centos-base
81 k

policycoreutils-python
x86_64 2.0.83-19.39.el6
centos-base
343 k

rubygem-apipie-bindings
noarch 0.0.8-4.el6
foreman_proxy
20 k

rubygem-awesome_print
noarch 1.0.2-10.el6
foreman_proxy
40 k

rubygem-bundler
noarch 1.0.15-3.el6
foreman_proxy
260 k

rubygem-bundler_ext
noarch 0.3.0-6.el6
foreman_proxy
7.9 k

rubygem-fastercsv
noarch 1.5.4-1.el6
epel
299 k

rubygem-thor
noarch 0.14.6-2.el6
foreman_proxy
263 k

setools-libs
x86_64 3.3.7-4.el6
centos-base
400 k

setools-libs-python
x86_64 3.3.7-4.el6
centos-base
222 k

Updating for dependencies:
audit
x86_64 2.2-4.el6_5
centos-updates
225 k

audit-libs
x86_64 2.2-4.el6_5
centos-updates
60 k

Transaction Summary

============================================================

=================================================================

Install 14 Package(s)
Upgrade 5 Package(s)

Total size: 3.4 M
Is this ok [y/N]: y
Downloading Packages:
warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, key ID
667d1f07: NOKEY

Retrieving key from http://yum.theforeman.org/RPM-GPG-KEY-foreman

The GPG keys listed for the “Foreman stable repository” repository
are already installed but they are not correct for this package.

Check that the correct key URLs are configured for this repository.

$ cat /etc/yum.repos.d/foreman_proxy.repo
[foreman_proxy]
name=Foreman stable repository
baseurl=http://yum.theforeman.org/releases/latest/el6/$basearch
enabled=1
gpgcheck=1
gpgkey=http://yum.theforeman.org/RPM-GPG-KEY-foreman
$ cat /etc/yum.repos.d/foreman_proxy-source.repo
[foreman_proxy-source]
name=Foreman stable source repository
baseurl=http://yum.theforeman.org/releases/latest/el6/source
enabled=0
gpgcheck=1
gpgkey=http://yum.theforeman.org/RPM-GPG-KEY-foreman

Thoughts?

I’ll leave this system not upgraded as a way to help debug the issue.

  • Trey

On Mon, Oct 6, 2014 at 12:06 PM, Lukas Zapletal lz...@redhat.com >> wrote:
Hello,

I believe this belongs to:

https://groups.google.com/forum/#!searchin/foreman-
announce/gpg/foreman-announce/BiIT784Mb7Q/_iTBJQCIEbEJ

Can you confirm please?

LZ

On Mon, Oct 06, 2014 at 09:5

10

Yeah, spot on. I've uploaded the key here:
http://yum.theforeman.org/releases/1.6/RPM-GPG-KEY-foreman

And I'll ensure this gets done in future as we generate new keys.

Thanks!

··· On 06/10/14 22:33, Michael Griffin wrote: > I'm struggling with the same issue actually. I think the problem comes > from this statement: > > Foreman 1.4 and 1.5 RPMs have been re-signed and a -2 package released > to update foreman-release.rpm with the new public key. *As above, new > keys will be used for major releases going forward.* > > > If you look at http://theforeman.org/security.html#GPGkeys, you'll see > that Foreman 1.6 was signed with a new 1.6 release key that doesn't look > to be available as a flat key outside of the foreman-release.rpm > package. I'm trying to figure out a way to extract the key from the > foreman-release.rpm package without actually installing the package on > my server. > > It would be nice if the public key was available from > http://yum.theforeman.org so that I could just download it when I sync > the Foreman packages, since I host the packages on my internal network.


Dominic Cleal
Red Hat Engineering

11

Thanks Dominic!

··· On Tuesday, October 7, 2014 3:13:06 AM UTC-4, Dominic Cleal wrote: > > On 06/10/14 22:33, Michael Griffin wrote: > > I'm struggling with the same issue actually. I think the problem comes > > from this statement: > > > > Foreman 1.4 and 1.5 RPMs have been re-signed and a -2 package > released > > to update foreman-release.rpm with the new public key. *As above, > new > > keys will be used for major releases going forward.* > > > > > > If you look at http://theforeman.org/security.html#GPGkeys, you'll see > > that Foreman 1.6 was signed with a new 1.6 release key that doesn't look > > to be available as a flat key outside of the foreman-release.rpm > > package. I'm trying to figure out a way to extract the key from the > > foreman-release.rpm package without actually installing the package on > > my server. > > > > It would be nice if the public key was available from > > http://yum.theforeman.org so that I could just download it when I sync > > the Foreman packages, since I host the packages on my internal network. > > Yeah, spot on. I've uploaded the key here: > http://yum.theforeman.org/releases/1.6/RPM-GPG-KEY-foreman > > And I'll ensure this gets done in future as we generate new keys. > > Thanks! > > -- > Dominic Cleal > Red Hat Engineering >
12

Dominic, thanks!

Ran "puppet resource yumrepo foreman_proxy gpgkey='
http://yum.theforeman.org/releases/1.6/RPM-GPG-KEY-foreman'" and then yum
update of my foreman_proxy host worked.

I believe the foreman Puppet module will likely set it back to be
http://yum.theforeman.org/RPM-GPG-KEY-foreman which is the wrong key.
Would you be open to a PR to foreman module to use a gpg_key provider?

  • Trey
··· On Tue, Oct 7, 2014 at 2:13 AM, Dominic Cleal wrote:

On 06/10/14 22:33, Michael Griffin wrote:

I’m struggling with the same issue actually. I think the problem comes
from this statement:

Foreman 1.4 and 1.5 RPMs have been re-signed and a -2 package

released

to update foreman-release.rpm with the new public key.  *As above,

new

keys will be used for major releases going forward.*

If you look at Foreman :: Security, you’ll see
that Foreman 1.6 was signed with a new 1.6 release key that doesn’t look
to be available as a flat key outside of the foreman-release.rpm
package. I’m trying to figure out a way to extract the key from the
foreman-release.rpm package without actually installing the package on
my server.

It would be nice if the public key was available from
http://yum.theforeman.org so that I could just download it when I sync
the Foreman packages, since I host the packages on my internal network.

Yeah, spot on. I’ve uploaded the key here:
http://yum.theforeman.org/releases/1.6/RPM-GPG-KEY-foreman

And I’ll ensure this gets done in future as we generate new keys.

Thanks!


Dominic Cleal
Red Hat Engineering


You received this message because you are subscribed to a topic in the
Google Groups “Foreman users” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/foreman-users/QWWeLacqDw4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

13

> Dominic, thanks!
>
> Ran "puppet resource yumrepo foreman_proxy
> gpgkey='http://yum.theforeman.org/releases/1.6/RPM-GPG-KEY-foreman'" and
> then yum update of my foreman_proxy host worked.
>
> I believe the foreman Puppet module will likely set it back to be
> http://yum.theforeman.org/RPM-GPG-KEY-foreman which is the wrong key.

I merged a PR at the same time which should fix that too (the e-mail
reminded me, thanks):

https://github.com/theforeman/puppet-foreman/pull/234
https://github.com/theforeman/puppet-foreman/commit/4a8395d4805cf282be310a7a902e42247b7058ac

> Would you be open to a PR to foreman module to use a gpg_key provider?

Possibly… I suppose I don't see the benefit compared to letting yum
handle it.

··· On 07/10/14 15:53, Trey Dockendorf wrote:


Dominic Cleal
Red Hat Engineering

14

>> Dominic, thanks!
>>
>> Ran "puppet resource yumrepo foreman_proxy
>> gpgkey='http://yum.theforeman.org/releases/1.6/RPM-GPG-KEY-foreman'" and
>> then yum update of my foreman_proxy host worked.
>>
>> I believe the foreman Puppet module will likely set it back to be
>> http://yum.theforeman.org/RPM-GPG-KEY-foreman which is the wrong key.
>
> I merged a PR at the same time which should fix that too (the e-mail
> reminded me, thanks):
>
> https://github.com/theforeman/puppet-foreman/pull/234

Correction: https://github.com/theforeman/puppet-foreman/pull/233

··· On 07/10/14 15:58, Dominic Cleal wrote: > On 07/10/14 15:53, Trey Dockendorf wrote:

https://github.com/theforeman/puppet-foreman/commit/4a8395d4805cf282be310a7a902e42247b7058ac

Would you be open to a PR to foreman module to use a gpg_key provider?

Possibly… I suppose I don’t see the benefit compared to letting yum
handle it.


Dominic Cleal
Red Hat Engineering

15

Looks exactly like what's needed, thanks!

  • Trey
··· On Tue, Oct 7, 2014 at 10:01 AM, Dominic Cleal wrote:

On 07/10/14 15:58, Dominic Cleal wrote:

On 07/10/14 15:53, Trey Dockendorf wrote:

Dominic, thanks!

Ran "puppet resource yumrepo foreman_proxy
gpgkey=‘http://yum.theforeman.org/releases/1.6/RPM-GPG-KEY-foreman’"
and

then yum update of my foreman_proxy host worked.

I believe the foreman Puppet module will likely set it back to be
http://yum.theforeman.org/RPM-GPG-KEY-foreman which is the wrong key.

I merged a PR at the same time which should fix that too (the e-mail
reminded me, thanks):

https://github.com/theforeman/puppet-foreman/pull/234

Correction: https://github.com/theforeman/puppet-foreman/pull/233

https://github.com/theforeman/puppet-foreman/commit/4a8395d4805cf282be310a7a902e42247b7058ac

Would you be open to a PR to foreman module to use a gpg_key provider?

Possibly… I suppose I don’t see the benefit compared to letting yum
handle it.


Dominic Cleal
Red Hat Engineering


You received this message because you are subscribed to a topic in the
Google Groups “Foreman users” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/foreman-users/QWWeLacqDw4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.