Using GPG Keys

Uyuni uses GPG keys to check the authenticity of software packages installed on clients. In many cases, you will not need to adjust the GPG settings to be able to install software on your clients.

By default, some operating systems do not trust the GPG key for the Uyuni client tools. The clients can be successfully bootstrapped without the GPG key being trusted. However, you will not be able to install new client tool packages or update them until the keys are trusted.

Procedure: Trusting GPG Keys on Clients
  1. On the Uyuni Server, at the command prompt, check the contents of the /srv/www/htdocs/pub/ directory. This directory contains all available public keys. Take a note of the key that applies to the client you are registering.

  2. Open the relevant bootstrap script, locate the ORG_GPG_KEY= parameter and add the required key. For example:

    uyuni-gpg-pubkey-0d20833e.key

    You do not need to delete any previously stored keys.

  3. If you are bootstrapping clients from the Uyuni Web UI, you will need to use a Salt state to trust the key. Create the Salt state and assign it to the organization. You can then use an activation key and configuration channels to deploy the key to the clients.