Thursday, February 27, 2014

How to Sign Packages for Custom Satellite Channel

This page describes how to sign or re-sign third-party or custom packages (RPMs) and add them to a custom channel.

  1. Create GPG Key for Custom Packages 
    • gpg --gen-key   (if you have problems, use the rng package - see SpaceWalk commands) 
      • follow the instructions in How to Create GPG Key on Virtual Machine: 
        • yum install rng-tools 
        •  sed -i 's,EXTRAOPTIONS.*,EXTRAOPTIONS="-r /dev/urandom",' /etc/sysconfig/rngd  
        • service rngd start 
        • gpg --gen-key  
    • use gpg --list-keys to show the key 
  2. Retrieve or Export your public key 
    • # gpg --export -a myco-gpg > myco-pubkey.txt  
  3. Copy the key to the pub directory on the Satellite server 
    • # cp myco-pubkey.txt /var/www/html/pub/MYCO-PUB  
  4. Copy the GPG key into /var/www/html/pub on the Satellite Server so that existing servers can access it  using:\ 
  5. Upload the key to Satellite/Spacewalk 
    • go to Systems > Kickstart > GPG & SSL Keys 
    • click on create new stored key/cert 
    • Type in a description, and upload the file, by clicking create key 

  6. Upload RPM to Satellite/Spacewalk server temporary location.  
  7. Create or edit the ~/.rpmmacros file as follows, where the number is the 2nd number shown by gpg --list-keys, then re-sign the package and check its signature 
    • .rpmmacros file 
      • %_signature gpg  
      • %_gpg_name B7085C8A 
    • rpm --resign package-name-1.0-1.noarch.rpm 
    • rpm --checksig -v package-name-1.0-1.noarch.rpm   
  8. Use rhnpush to push the package to the channel 
    1. rhnpush /tmplocation/*.rpm --server=https://mysatelite/APP -a -c mycustomchannel -u MYUser -p MyPass 

  9. Add the custom channel to your Master Activation Key and then add the packages you want to install in the packages section. 
  10. Or add the GPG key to your kickstart profile. Go to Kickstart > Profiles, MyProfile > System Details > GPG and check the MYCO-PUB GPG key, then click Update Keys.
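
Steps 7 and 8 check the signature by eye before pushing. The script below is an added example, not part of the original post, that makes the check mechanical: it reads `rpm --checksig -v` output and succeeds only when every signature line names the key ID from ~/.rpmmacros and reports OK. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check signatures before pushing.

# Print the %_gpg_name value from an rpmmacros file (default: ~/.rpmmacros).
gpg_name_from_macros() {
    awk '$1 == "%_gpg_name" { print $2; exit }' "${1:-$HOME/.rpmmacros}"
}

# Read `rpm --checksig -v` output on stdin. Succeed only if at least one
# signature line exists and every one names key ID $1 and ends in OK, so
# unsigned, NOKEY and wrong-key packages are all rejected.
signed_by() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /Signature, key ID/ {
            seen++
            if (tolower($0) !~ ("key id " want ": ok[ \t]*$")) bad++
        }
        END { exit !(seen > 0 && bad == 0) }
    '
}

# Constructed sample outputs, modelled on `rpm --checksig -v`.
SAMPLE_SIGNED='package-name-1.0-1.noarch.rpm:
    Header V4 RSA/SHA1 Signature, key ID b7085c8a: OK
    Header SHA1 digest: OK
    V4 RSA/SHA1 Signature, key ID b7085c8a: OK
    MD5 digest: OK'
SAMPLE_UNSIGNED='package-name-1.0-1.noarch.rpm:
    Header SHA1 digest: OK
    MD5 digest: OK'
SAMPLE_NOKEY='package-name-1.0-1.noarch.rpm:
    Header V4 RSA/SHA1 Signature, key ID b7085c8a: NOKEY
    V4 RSA/SHA1 Signature, key ID b7085c8a: NOKEY'

for name in SIGNED UNSIGNED NOKEY; do
    eval "text=\$SAMPLE_$name"
    if printf '%s\n' "$text" | signed_by B7085C8A; then
        echo "$name: ok to push"
    else
        echo "$name: refuse to push"
    fi
done

# Real use, once per package, before the push in step 8:
#   rpm --checksig -v "$pkg" | signed_by "$(gpg_name_from_macros)" || exit 1
```

A NOKEY result means the signing key has not been imported into the rpm keyring on the machine running the check, so the signature could not be verified there.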