opal-server package not signed?

[bjornwiberguuse]

Describe the bug

The opal-server RPM package (from https://obiba.jfrog.io/artifactory/rpm-local) does not appear to be signed (with https://obiba.jfrog.io/artifactory/rpm-local/repodata/repomd.xml.key).

Is this perhaps something that can be fixed (enabling the signing for future releases)? Note: Other OBiBa products from the same repository might be affected by this, too.

To Reproduce

Steps to reproduce the behavior:

1. Create /etc/yum.repos.d/obiba-noarch.repo with the following contents:

   name=obiba-noarch
   baseurl=https://obiba.jfrog.io/artifactory/rpm-local
   enabled=1
   gpgcheck=1
   gpgkey=https://obiba.jfrog.io/artifactory/rpm-local/repodata/repomd.xml.key

2. Install/update the opal-server package:

   yum install opal-server

3. This displays the following error:

   Package opal-server-4.5.2-1.noarch.rpm is not signed

Expected behavior

The package installs/updates without any complaints from yum.

[ymarcon]

TODO: sign rpms before pushing them to artifactory https://access.redhat.com/articles/3359321

[github-actions[bot]]

This issue is stale because it has been open for a year with no activity. It will be closed if no further activity occurs. Thank you for your contributions.