This repository was archived by the owner on Aug 16, 2023. It is now read-only.
This repository was archived by the owner on Aug 16, 2023. It is now read-only.
entitlement: using the same content for the entitlement.pem and entitlement-key.pem isn't safe #164
Description
As per this issue openshift-psap/blog-artifacts#6, using the same content for entitlement.pem and entitlement-key.pem isn't safe,
as confirmed by this command:
$ NAME=key
$ podman run --rm -it -v $KEY:/etc/pki/entitlement/$NAME.pem registry.access.redhat.com/ubi8-minimal:8.3-298 bash -x -c "cp /etc/pki/entitlement/$NAME.pem /etc/pki/entitlement/$NAME-key.pem; microdnf install kernel-devel"
+ cp /etc/pki/entitlement/key.pem /etc/pki/entitlement/key-key.pem
+ microdnf install kernel-devel
Downloading metadata...
Downloading metadata...
Downloading metadata...
Downloading metadata...
error: cannot update repo 'rhel-8-for-x86_64-baseos-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (58): Problem with the local SSL certificate for https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml [unable to set private key file: '/etc/pki/entitlement/key-key-key.pem' type PEM]
NAME=entite--> doesn't workNAME=entitlement--> works