Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1363863 - [RFE] How to create rpm package, sign and upload to one specific repo
Summary: [RFE] How to create rpm package, sign and upload to one specific repo
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Docs Content Management Guide
Version: 6.1.9
Hardware: All
OS: Linux
medium
medium vote
Target Milestone: 6.3
Assignee: Melanie Corr
QA Contact: Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-03 18:25 UTC by Waldirio M Pinheiro
Modified: 2018-12-06 20:59 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-05 10:06:51 UTC


Attachments (Terms of Use)

Description Waldirio M Pinheiro 2016-08-03 18:25:15 UTC
Document URL: https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/content-management-guide/

Section Number and Name: 

Describe the issue: 

Suggestions for improvement: 
Customer asked for add information in the official documentation about:
- How to create RPM packages
- How to sign RPM packages to Sat6
- How to upload packages and turn it available via Sat6

Additional information:

Comment 10 Andrew Dahms 2017-09-06 01:13:04 UTC
Assigning to Melanie for review.

Melanie - this is another relatively involved bug, and looks like we need to provide an updated version of content from Satellite 5 for Satellite 6.

The main differences are listed in comment #7, but a general review of the content included in the Satellite 5 documentation in the 'Building Custom Packages' chapter would also be good.

For example, an overall review for style and consistency would be good, along with removal of colloquialisms and statements such as our opening line 'There are many things that might go wrong when building software packages.'

Let me know if you have any questions about this one as well, and I would be happy to talk about some of the main changes.

This looks like it would be a good appendix to the Content Management Guide.

Comment 11 Andrew Dahms 2018-02-26 01:07:05 UTC
Updating release flags.

Comment 12 Melanie Corr 2018-03-28 16:12:16 UTC
Hi Andrew, all, 

Sorry for the delay in replying to this. It has taken me quite a lot of time to research this fully. 

Here are my thoughts:

The creation of RPMs is taken care of with the RPM packaging guides. 

I asked the Satellite group and the signing of RPMs and the handing of the GPG key and received the following response: 

"Yes..the person assembling the RPM, I would think, should be the authority signing the RPM guaranteeing it's authenticity.

They also have to provide you a copy of the GPG public key in ASC format for you to import into your Satellite. Then set/assign that GPG key to
the repository that's delivering the Custom Software."

If the signing of RPMs and creation of GPG copy in ASC format is not handled in RPM packaging guide, it probably should be. The RHEL docs team must be approached to provide that. 

I think the chapter 5.1. Using Custom Products in Satellite https://access.redhat.com/documentation/en-us/red_hat_satellite/6.3/html/content_management_guide/importing_custom_content in the Content Management Guide takes care of the rest of this from a Satellite perspective. 

Any further thoughts? 

Thanks, 

Melanie

Comment 13 Andrew Dahms 2018-04-03 01:07:46 UTC
Hi Melanie,

Thank you for sharing your detailed thoughts on this bug.

I agree with what you have proposed, and feel it would be reasonable to close this bug on the basis that this information should be covered in the RPM Packaging Guide.

There are two follow on actions I can see us potentially taking based on this -

* Adding a link to the RPM Packaging Guide from the Satellite documentation if
  no such link currently exists.

* Raising a bug against the RHEL documentation to request the addition of
  content on signing RPMs and creating a GPG copy in ASC format, which does not
  appear to be handled in the RPM Packaging Guide.

What do you think, Melanie?

Kind regards,

Andrew

Comment 14 Melanie Corr 2018-04-03 10:37:31 UTC
(In reply to Andrew Dahms from comment #13)
> Hi Melanie,
> 
> Thank you for sharing your detailed thoughts on this bug.
> 
> I agree with what you have proposed, and feel it would be reasonable to
> close this bug on the basis that this information should be covered in the
> RPM Packaging Guide.
> 
> There are two follow on actions I can see us potentially taking based on
> this -
> 
> * Adding a link to the RPM Packaging Guide from the Satellite documentation
> if
>   no such link currently exists.
> 
> * Raising a bug against the RHEL documentation to request the addition of
>   content on signing RPMs and creating a GPG copy in ASC format, which does
> not
>   appear to be handled in the RPM Packaging Guide.
> 
> What do you think, Melanie?
> 
> Kind regards,
> 
> Andrew

Hi Andrew, 

I agree with both points. 

Thanks, 

Melanie

Comment 17 Melanie Corr 2018-04-05 10:06:51 UTC
This change is now live in the Customer Portal:


https://access.redhat.com/documentation/en-us/red_hat_satellite/6.3/html/content_management_guide/importing_custom_content

I have opened the following bug to request addition of RPM signing to the RPM packaging guide: 

https://bugzilla.redhat.com/show_bug.cgi?id=1564079


Note You need to log in before you can comment on or make changes to this bug.