SmartProxy 3.4 / foreman-installer-katello unsigned RPMS

elena.zaharia · September 9, 2022, 3:32pm

Problem:
rubygem-smart_proxy_pulp-3.2.0-3.fm3_3.el8.noarch.rpm and rubygem-smart_proxy_container_gateway-1.0.6-1.fm3_1.el8.noarch.rpm aren’t signed when running the foreman-installer + katello for a smart proxy (3.4).

Expected outcome:
rubygem-smart_proxy_pulp-3.2.0-3.fm3_3.el8.noarch.rpm and rubygem-smart_proxy_container_gateway-1.0.6-1.fm3_1.el8.noarch.rpm should be signed.

Foreman and Proxy versions:

Foreman and Proxy plugin versions:
SmartProxy 3.4, Katello 4.6, Pulpcore 3.18

Distribution and version:
AlmaLinux 8

Other relevant data:
2022-09-09 16:18:52 [ERROR ] [configure] Execution of ‘/bin/dnf -d 0 -e 1 -y install rubygem-smart_proxy_container_gateway’ returned 1: Package rubygem-smart_proxy_container_gateway-1.0.6-1.fm3_1.el8.noarch.rpm is not signed
2022-09-09 16:18:52 [ERROR ] [configure] GPG check FAILED
2022-09-09 16:18:52 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Plugin::Container_gateway/Foreman_proxy::Plugin::Module[container_gateway]/Foreman_proxy::Plugin[container_gateway]/Package[rubygem-smart_proxy_container_gateway]/ensure: change from ‘purged’ to ‘present’ failed: Execution of ‘/bin/dnf -d 0 -e 1 -y install rubygem-smart_proxy_container_gateway’ returned 1: Package rubygem-smart_proxy_container_gateway-1.0.6-1.fm3_1.el8.noarch.rpm is not signed
2022-09-09 16:18:52 [ERROR ] [configure] GPG check FAILED
2022-09-09 16:19:06 [NOTICE] [configure] 750 configuration steps out of 1112 steps complete.
2022-09-09 16:20:16 [NOTICE] [configure] 1000 configuration steps out of 1127 steps complete.
2022-09-09 16:20:39 [ERROR ] [configure] Execution of ‘/bin/dnf -d 0 -e 1 -y install rubygem-smart_proxy_pulp’ returned 1: Package rubygem-smart_proxy_pulp-3.2.0-3.fm3_3.el8.noarch.rpm is not signed
2022-09-09 16:20:39 [ERROR ] [configure] GPG check FAILED
2022-09-09 16:20:39 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Plugin::Pulp/Foreman_proxy::Plugin[pulp]/Package[rubygem-smart_proxy_pulp]/ensure: change from ‘purged’ to ‘present’ failed: Execution of ‘/bin/dnf -d 0 -e 1 -y install rubygem-smart_proxy_pulp’ returned 1: Package rubygem-smart_proxy_pulp-3.2.0-3.fm3_3.el8.noarch.rpm is not signed
2022-09-09 16:20:39 [ERROR ] [configure] GPG check FAILED

evgeni · September 9, 2022, 4:43pm

We currently don’t sign plugin packages.

elena.zaharia · September 9, 2022, 7:01pm

I was simply trying the default external “SmartProxy” install and these were the only 2 that failed.

This is a little misleading then:

[root@foreman ~]# cat /etc/yum.repos.d/foreman-plugins.repo
[foreman-plugins]
name=Foreman plugins 3.4
baseurl=https://yum.theforeman.org/plugins/3.4/el8/$basearch
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-foreman

elena.zaharia · September 9, 2022, 7:32pm

Also, realised I was also being misleading.
The default command foreman generates eventually runs fine.
I only tried to enable the rest of the smartproxy plugins I already have running on Foreman because I ran into this bug:

It automatically selected one organization + 2 locations that I couldn’t modify.

And now that I’ve looked at the repo file properly I can see you’ve disabled the check, which I believe gets disabled if you don’t specify a GPG key on Foreman?

evgeni · September 10, 2022, 7:35am

If you’re using our repo files, gpgcheck=0 ensures that no signature check happens.

If you’re serving the repo by some other means, it can generate a file that has gpgcheck=1 (or omit that line, which also defaults to 1)

elena.zaharia · September 13, 2022, 10:05am

I’m using Foreman to generate the repo file - redhat.repo
I just checked to see what happened if I selected “GPG key - None”, and it disabled the gpg check, which is what I was looking for.