Project

Profile

Help

Story #3055

closed

As a user, I can publish a Yum repository that works with repo_gpgcheck=1

Added by PaulSD about 7 years ago. Updated over 4 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Sprint/Milestone:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
2.15.0
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

To allow a Yum repository to be used with Yum clients that have repo_gpgcheck=1 configured in /etc/yum.conf:

  1. Create a new GPG signing key that can be used by Pulp worker processes without a password. (Documentation provides example procedures.)
  2. Append the public key associated with the new GPG signing key to the gpgkey file specified in the distributor config for the Yum repository in Pulp.
  3. Set gpg_sign_metadata to True in the distributor config for the Yum repository in Pulp.

See also https://access.redhat.com/solutions/2850911

Actions #2

Updated by dkliban@redhat.com about 7 years ago

  • Tracker changed from Issue to Story
  • % Done set to 0
Actions #3

Updated by PaulSD about 7 years ago

  • Subject changed from Pulp does not generate repomd.xml.asc files needed by yum repo_gpgcheck to As a user, I can publish a Yum repository that works with repo_gpgcheck=1
Actions #4

Updated by PaulSD about 7 years ago

  • Description updated (diff)
Actions #5

Updated by bmbouter about 7 years ago

  • Status changed from NEW to POST
  • Assignee set to PaulSD

So this feature defaults to off because it's only enabled if the user specifies gpg_sign_metadata=True right?

As an FYI, we do have an integration test suite called pulp-smash which is run by ichimonji10 in #pulp-dev in case you are interested in writing any tests to use and verify this feature. Whatever you want to do is fine of course. Thanks for contributing this great feature.

Added by Paul Donohue about 7 years ago

Revision f73805f6 | View on GitHub

Add support for generation of repomd.xml.asc files

fixes #3055 https://pulp.plan.io/issues/3055

Actions #6

Updated by PaulSD about 7 years ago

Correct, it defaults to off. I implemented it this way because this feature will not work unless the user first manually prepares and distributes a GPG signing key.

Actions #7

Updated by Anonymous about 7 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

Added by cduryee about 7 years ago

Revision f7f2cc62 | View on GitHub

Update documentation on GPG keys to be clearer.

re #3055 https://pulp.plan.io/issues/3055

Added by Paul Donohue about 7 years ago

Revision 5393773e | View on GitHub

Documentation improvements

re #3055 https://pulp.plan.io/issues/3055

Added by Paul Donohue about 7 years ago

Revision b3e2dd8b | View on GitHub

Add missing super() call in f73805f6

re #3055 https://pulp.plan.io/issues/3055

Actions #8

Updated by pcreech about 7 years ago

  • Project changed from Pulp to RPM Support
Actions #9

Updated by pcreech about 7 years ago

  • Platform Release set to 2.15.0
Actions #10

Updated by pcreech about 7 years ago

  • Status changed from MODIFIED to 5
Actions #12

Updated by pcreech almost 7 years ago

  • Status changed from 5 to CLOSED - CURRENTRELEASE
Actions #13

Updated by kfiresmith almost 7 years ago

Huge thanks for getting this feature in place. For anyone else who comes across this, docs live here: https://docs.pulpproject.org/en/2.15/plugins/pulp_rpm/tech-reference/yum-plugins.html#gpg-signing-key

Actions #16

Updated by bmbouter over 5 years ago

  • Tags Pulp 2 added
Actions #17

Updated by rchan over 4 years ago

Do we have a tracker for Pulp 3 functionality? Or can we comment if Pulp 3 rpm plugin has parity with this functionality?

Actions #18

Updated by dkliban@redhat.com over 4 years ago

The pulp 3 feature is already implemented. https://pulp.plan.io/issues/4812

Also available in: Atom PDF