Bug 1046332

Summary: GPG key check fails
Product: [Fedora] Fedora Reporter: Michael Cronenworth <mike>
Component: fedupAssignee: Will Woods <wwoods>
Status: CLOSED CANTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: tflink, wwoods
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-23 21:13:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael Cronenworth 2013-12-24 15:30:13 UTC 
Description of problem:
fedup downloads all of the RPMs necessary for update and then fails:

Downloading failed: GPG key retrieval failed: [Errno 14] curl#37 - "Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64"


Version-Release number of selected component (if applicable):
fedup-0.8.0-3.fc19.noarch
fedora-release-19-5.noarch


The key /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64 is only available in fedora-release-19-2.noarch. Later versions removed the link in the vein that fedup would use the version in the file to pull in the correct GPG key. Who is to blame here?

http://pkgs.fedoraproject.org/cgit/fedora-release.git/commit/?h=f19&id=b5386dcaa1171232460feb74fa9b67b37a066065
Comment 1 Michael Cronenworth 2013-12-24 15:35:41 UTC 
Workaround:
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-20-x86_64
Comment 2 Will Woods 2014-01-23 21:13:43 UTC 
This happens if the gpgkey listed in a .repo file doesn't exist, or if the path is wrong. 

Since fedup doesn't own the .repo files or the keys, there's nothing I can do in fedup to fix this - the problem belongs to whoever owns the repo files and the keys.

The .repo files and keys provided by fedora-release-19-5 are confirmed to have the correct paths, so this should be fixed for most users.

Some people might still have their old .repo file in place. Check to see if there's a corresponding .repo.rpmnew file, and use that to update the .repo file.

Otherwise, you must have custom/3rd party .repo files that have the wrong gpgkey path, which you should fix (or ask the distributor to fix).
Comment 3 Michael Cronenworth 2014-01-23 21:26:56 UTC 
Yes, this problem is due to old .repo files.

Would it be helpful to output a better error message? The current one is too obscure. Something such as "Please check that your repo files and GPG keys are up-to-date/correct versions."