Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

yum_repository is not importing gpg keys as stated in the documentation #8654

Open
BasLangenberg opened this issue Jun 12, 2019 · 0 comments

Comments

Projects
None yet
1 participant
@BasLangenberg
Copy link

commented Jun 12, 2019

Description

In the documentation, it is stated that for the yum_repository provider gpgkey option, that "If this option is set, Yum will automatically import the key from the specified URL."

Investigation shows that this is not the case and I cannot find evidence that Chef is downloading GPG keys in the source code.

Chef Version

Chef: 14.13.11

Platform Version

Redhat 7.6

Replication Case

Minimal Chef recipe:

yum_repository 'epel' do
  action :create
  description 'Fedora EPEL Repository'
  metalink 'https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch'
  failovermethod 'priority'
  gpgcheck true
  gpgkey 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL'
  enabled true
end

Checking the imported rpm keys afterwards will not show the gpg keys added to the system.

[vagrant@default-centos-7 ~]$ rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
gpg-pubkey-f4a80eb5-53a7ff4b    gpg(CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>)

Reproduced in CentOS on Vagrant, and in a 'real' server running RHEL. Both version 7.6.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.