We are trying to add a channel for Amazon Corretto (https://docs.aws.amazon.com/corretto/latest/corretto-11-ug/generic-linux-install.html) to our SUMA 3.2 install.
https://yum.corretto.aws/corretto.repo contains:
[AmazonCorretto]
name=Amazon Corretto
baseurl=https://yum.corretto.aws/$basearch
enabled=1
gpgkey=https://yum.corretto.aws/corretto.key
gpgcheck=1
So I created a channel with https://yum.corretto.aws/corretto.key as the “GPG key URL”.
When I try to run spacewalk-repo-sync I get:
# spacewalk-repo-sync --channel amazon-corretto-12-sp3-pool-x86_64
09:36:12 ======================================
09:36:12 | Channel: amazon-corretto-12-sp3-pool-x86_64
09:36:12 ======================================
09:36:12 Sync of channel started.
09:36:13 ChannelException: GPG key retrieval failed: [Errno 14] HTTP Error 403 : https://yum.corretto.aws/x86_64//repodata/repomd.xml.key
09:36:13 Total time: 0:00:00
Why isn’t spacewalk-repo-sync using the URL specified for this channel?
I tried importing https://yum.corretto.aws/corretto.key into GPG and saw the following:
# mkdir /tmp/g; chmod 700 /tmp/g
# gpg --homedir=/tmp/g --import corretto.key
gpg: /tmp/g/trustdb.gpg: trustdb created
gpg: key A122542AB04F24E3: public key "Amazon Services LLC (Amazon Corretto release) <corretto-team@amazon.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
Notice the key id is A122542AB04F24E3. There is a “GPG key ID” field in the channel setup and this id cannot be input. Does this mean that even if somehow spacewalk-repo-sync were to import the correct key URL that the key would not be imported correctly?