Guided Exercise: Administer Custom Products and Repositories

Update a custom product to add GPG validation, sign RPM packages, and use content views to make signed packages available to content hosts.

Outcomes

  • Generate a GPG key and sign an RPM package.

  • Configure a custom product and repository to use the GPG key to validate installed packages.

  • Update a content view to add the GPG-protected repository.

  • Install a package from the GPG-protected repository on a content host that is assigned to the content view.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start custom-admin

Instructions

The Operations development team previously created the Custom Software product and its Admin Tools repository without configuring GPG validation. You create a GPG key pair, associate the public key with the repository, sign an RPM package, and upload the signed package to the repository. Verify that current and future content hosts in this organization can install validated packages from this repository.

  1. Log in to the Satellite Server web UI at https://satellite.lab.example.com as the admin user with redhat as the password.

  2. In the upper-left corner of the web page, set the organization to Operations. Set the location to Any Location.

  3. On the workstation system as the student user, generate a GPG key pair. Use testing123 as the passphrase.

    [student@workstation ~]$ gpg --generate-key
    ...output omitted...
    
    Real name: student
    Email address: student@workstation.lab.example.com
    You selected this USER-ID:
        "student <student@workstation.lab.example.com>"
    
    Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
    ...output omitted...
    public and secret key created and signed.
    
    pub   rsa3072 2022-09-07 [SC] [expires: 2024-09-06]
          1CACFBA29532C0291D7B12A0CC9FCF1697751C8A
    uid                      student <student@workstation.lab.example.com>
    sub   rsa3072 2022-09-07 [E] [expires: 2024-09-06]

  4. Export an ASCII-encoded version of the public key to publish to client machines so that they can verify RPM packages that are signed with the private key.

    [student@workstation ~]$ gpg --armor \
    --export student@workstation.lab.example.com > public_key

  5. Sign the ~/sm-practice-1.0-1.el9.x86_64.rpm package with the GPG key.

    1. Install the rpm-sign tool package.

      [student@workstation ~]$ sudo dnf install rpm-sign
      ...output omitted...

    2. Create or modify the student's ~/.rpmmacros file to add the %_gpg_name macro for the key's ID.

      [student@workstation ~]$ echo \
      '%_gpg_name student <student@workstation.lab.example.com>' >> ~/.rpmmacros

    3. Sign the sm-practice package. Use testing123 as the passphrase.

      [student@workstation ~]$ rpmsign --addsign sm-practice-1.0-1.el9.x86_64.rpm
      sm-practice-1.0-1.el9.x86_64.rpm:

    4. Verify the signature for the sm-practice package. The NOKEY warning means that the public key for the key that signed this package is not yet imported to the local system for rpm command use.

      [student@workstation ~]$ rpm -qip sm-practice-1.0-1.el9.x86_64.rpm
      warning: sm-practice-1.0-1.el9.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 97751c8a: NOKEY
      Name        : sm-practice
      Version     : 1.0
      Release     : 1.el9
      Architecture: x86_64
      Install Date: (not installed)
      Group       : Unspecified
      Size        : 1304
      License     : BSC
      Signature   : RSA/SHA256, Wed 07 Sep 2022 04:57:46 AM EDT, Key ID cc9fcf1697751c8a
      Source RPM  : sm-practice-1.0-1.el9.src.rpm
      Build Date  : Mon 22 Aug 2022 09:59:04 AM EDT
      Build Host  : workstation.lab.example.com
      URL         : http://workstation.lab.example.com
      Summary     : A simple program to practice building RPM packages
      Description :
      This program will function as a practice exercise for building an RPM package.

  6. Configure the Admin Tools repository with the key, and upload the signed package to the repository.

    1. From the Satellite web UI, add the GPG public key to the credentials store. Click Content → Content Credentials, and then click Create Content Credential.

    2. Enter Example Software in the Name field.

    3. Select GPG Key from the Type list. Click Browse, and then select the public_key file in the /home/student directory. Click Save.

    4. Associate the GPG key with the Admin Tools repository. Click Content → Products, and then click the Custom Software link.

    5. Click the Admin Tools repository. Edit the GPG Key field to select the Example Software public key from the list, and then click Save.

    6. Upload the signed sm-practice package to the Admin Tools repository. In the Upload Package section, click Browse and select the sm-practice-1.0-1.el9.x86_64.rpm package in the /home/student directory. Click Upload.

  7. Publish and promote the Admin Tools repository to the Development lifecycle environment in the Operations organization.

    1. Click Content → Content Views, and then click the OperationsServerBase content view. In the Repositories tab, select the checkbox for the Admin Tools repository, and then click Add Repositories.

    2. Click Publish new version. Enter Add Admin Tools Repository in the Description field. Click the Promote switch, and then select the Development checkbox. Click Next.

    3. Review the details, and then click Finish. Wait for the process to complete.

  8. Update the OperationsServers activation key to add the Admin Tools repository.

    Note

    The activation key is not needed for enabling a current content host to access the new repository. However, you should continuously update your activation keys with your organization's active repositories, to ensure that future content host registrations enable the necessary repositories.

    1. Click Content → Activation Keys, and then click the OperationsServers link.

    2. On the OperationsServers page, click the Repository Sets tab. View the Status column for each of the listed repositories.

    3. Select the Admin Tools repository checkbox. Select Override to Enabled in the Select Action list.

  9. Install the sm-practice package on the servera content host, and import the public key for the signed package.

    1. Log in to the servera system as the student user and switch to the root user.

      [student@workstation ~]$ ssh student@servera
      [student@servera ~]$ sudo -i
      [sudo] password for student: student
      [root@servera ~]#

    2. Install the sm-practice-1.0-1.el9.x86_64.rpm package. Because this package installation is the first use of this public key on the servera system, you must import the public key.

      [root@servera ~]# dnf install sm-practice
      ...output omitted...
      Is this ok [y/N]: y
      ...output omitted...
      Importing GPG key 0x97751C8A:
       Userid     : "student <student@workstation.lab.example.com>"
       Fingerprint: 1CAC FBA2 9532 C029 1D7B 12A0 CC9F CF16 9775 1C8A
       From       : https://satellite.lab.example.com/katello/api/v2/repositories/25/gpg_key_content
      Is this ok [y/N]: y
      Key imported successfully
      ...output omitted...
      Complete!

    3. Return to the workstation system as the student user.

      [root@servera ~]# exit
      logout
      [student@servera ~]$ exit
      logout
      [student@workstation ~]$
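
The key import prompt in step 9 is the point where servera starts trusting the signing key, so the fingerprint it shows should equal the one that gpg printed in step 3; the 8- and 16-digit key IDs in the rpm output are only the tail of that fingerprint. The following shell sketch is an added example, not part of the course material: the function names are hypothetical, and the sample lines are copied from the transcripts in steps 5 and 9.

```shell
#!/bin/sh
# Added example. Fingerprint as printed by gpg --generate-key in step 3.
EXPECTED_FPR="1CACFBA29532C0291D7B12A0CC9FCF1697751C8A"

# Strip whitespace and an optional 0x prefix, then uppercase the hex digits.
normalize_id() {
    printf '%s' "$1" | tr -d ' \t' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# classify_key_id EXPECTED SHOWN -> prints full | suffix | mismatch
#   full     : SHOWN is the complete fingerprint (sound basis for trust)
#   suffix   : SHOWN is a short or long key ID that ends the fingerprint
#              (consistent, but not proof: short key IDs can collide)
#   mismatch : anything else, including empty, non-hex or too-short input
classify_key_id() {
    expected=$(normalize_id "$1")
    shown=$(normalize_id "$2")
    case "$shown" in
        ''|*[!0-9A-F]*) echo mismatch; return 0 ;;
    esac
    if [ "$shown" = "$expected" ]; then
        echo full
    elif [ "${#shown}" -ge 8 ] && [ "${expected%"$shown"}" != "$expected" ]; then
        echo suffix
    else
        echo mismatch
    fi
}

# Pull the key ID out of the "Signature" line of `rpm -qip` output (stdin).
sig_key_id() {
    sed -n 's/^[[:space:]]*Signature[[:space:]]*:.*Key ID \([0-9A-Fa-f]*\).*$/\1/p'
}

# Pull the fingerprint out of the dnf "Importing GPG key" prompt (stdin).
prompt_fingerprint() {
    sed -n 's/^[[:space:]]*Fingerprint[[:space:]]*:[[:space:]]*\(.*\)$/\1/p'
}

# Sample lines copied from the transcripts in steps 5 and 9 of this exercise.
RPM_SIG_LINE='Signature   : RSA/SHA256, Wed 07 Sep 2022 04:57:46 AM EDT, Key ID cc9fcf1697751c8a'
DNF_FPR_LINE=' Fingerprint: 1CAC FBA2 9532 C029 1D7B 12A0 CC9F CF16 9775 1C8A'

rpm_id=$(printf '%s\n' "$RPM_SIG_LINE" | sig_key_id)
dnf_fpr=$(printf '%s\n' "$DNF_FPR_LINE" | prompt_fingerprint)
echo "rpm signature key ID: $(classify_key_id "$EXPECTED_FPR" "$rpm_id")"
echo "dnf import prompt:    $(classify_key_id "$EXPECTED_FPR" "$dnf_fpr")"
```

Only a `full` result confirms that the key offered for import is the one generated on workstation; a `suffix` result from the rpm output shows consistency with that key but should not be the sole basis for accepting it.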

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish custom-admin

Revision: rh403-6.11-3ad886e