Bug 1089498

Summary: Image is missing GPG keys (or symlinks)
Product: [Retired] Atomic Reporter: Eric Rich <erich>
Component: kernelAssignee: Colin Walters <walters>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecified   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-06-07 13:52:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eric Rich 2014-04-19 20:41:17 UTC 
Description of problem:

Yum update does not work because the file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch can not be found. 

Version-Release number of selected component (if applicable): 20140414.1.qcow2 image. 

How reproducible: very 

Steps to Reproduce:
1. yum update

Actual results:

GPG key retrieval failed: [Errno 14] curl#37 - "Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-20-x86_64"

Expected results:

Should be able to use on of the existing GPG keys. 

Additional info:

# ls -la /etc/pki/rpm-gpg/
total 28
drwxr-xr-x. 2 root root 4096 Apr 19 19:59 .
drwxr-xr-x. 8 root root   77 Apr 19 19:59 ..
lrwxrwxrwx. 1 root root   29 Apr 19 19:59 RPM-GPG-KEY-fedora -> RPM-GPG-KEY-fedora-20-primary
-rw-r--r--. 1 root root 1658 Apr 14 20:12 RPM-GPG-KEY-fedora-19-primary
-rw-r--r--. 1 root root 3819 Apr 14 20:16 RPM-GPG-KEY-fedora-19-secondary
-rw-r--r--. 1 root root 1658 Apr 14 20:22 RPM-GPG-KEY-fedora-20-primary
-rw-r--r--. 1 root root 3819 Apr 14 20:28 RPM-GPG-KEY-fedora-20-secondary
-rw-r--r--. 1 root root 1658 Apr 14 20:26 RPM-GPG-KEY-fedora-21-primary
-rw-r--r--. 1 root root 3819 Apr 14 20:23 RPM-GPG-KEY-fedora-21-secondary
lrwxrwxrwx. 1 root root   31 Apr 19 19:59 RPM-GPG-KEY-fedora-aarch64 -> RPM-GPG-KEY-fedora-20-secondary
lrwxrwxrwx. 1 root root   31 Apr 19 19:59 RPM-GPG-KEY-fedora-arm -> RPM-GPG-KEY-fedora-20-secondary
lrwxrwxrwx. 1 root root   31 Apr 19 19:59 RPM-GPG-KEY-fedora-armhfp -> RPM-GPG-KEY-fedora-20-secondary
lrwxrwxrwx. 1 root root   29 Apr 19 19:59 RPM-GPG-KEY-fedora-i386 -> RPM-GPG-KEY-fedora-20-primary
lrwxrwxrwx. 1 root root   31 Apr 19 19:59 RPM-GPG-KEY-fedora-ppc -> RPM-GPG-KEY-fedora-20-secondary
lrwxrwxrwx. 1 root root   31 Apr 19 19:59 RPM-GPG-KEY-fedora-ppc64 -> RPM-GPG-KEY-fedora-20-secondary
lrwxrwxrwx. 1 root root   31 Apr 19 19:59 RPM-GPG-KEY-fedora-s390 -> RPM-GPG-KEY-fedora-20-secondary
lrwxrwxrwx. 1 root root   31 Apr 19 19:59 RPM-GPG-KEY-fedora-s390x -> RPM-GPG-KEY-fedora-20-secondary
lrwxrwxrwx. 1 root root   29 Apr 19 19:59 RPM-GPG-KEY-fedora-x86_64 -> RPM-GPG-KEY-fedora-20-primary
Comment 1 Eric Rich 2014-04-19 20:45:44 UTC 
The following does not resolve the issue: 

# ln -s /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-20-x86_64

It seems this cannot resolve the issue because the RPM database is Read Only. 

Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/20/updates/packages/kernel-3.13.10-200.fc20.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 246110c1: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-20-x86_64
Importing GPG key 0x246110C1:
 Userid     : "Fedora (20) <fedora>"
 Fingerprint: c7c9 a9c8 9153 f201 83ce 7cba 2eb1 61fa 2461 10c1
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-20-x86_64
Is this ok [y/N]: y
error: cannot open Packages index using db5 - Read-only file system (30)
error: cannot open Packages database in /var/lib/rpm


Key import failed (code 2)


 Failing package is: kernel-3.13.10-200.fc20.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-20-x86_64
Comment 2 Colin Walters 2014-04-21 13:15:24 UTC 
Yeah, you need to use "rpm-ostree upgrade".  A future version will cause yum to explicitly note the read-only state and cleanly error out, if it is present in the system.
Comment 3 Eric Rich 2014-04-21 13:32:08 UTC 
So how do I install vim? 

Because of the GPG key issue you can't do things like install packages to the OS (at least in the standard way), and I do not see documentation on how to do things like install a package from the fedora repositories.  

It looks like I need to edit some json file to add packages to some tree. 

https://github.com/cgwalters/rpm-ostree/blob/master/doc/demo-treefile.json
Comment 4 Colin Walters 2014-04-21 13:47:10 UTC 
(In reply to Eric Rich from comment #3)
> So how do I install vim? 

At present you would need to pull it as a docker container, or:

> It looks like I need to edit some json file to add packages to some tree. 

Right, or you could compose your own tree.

I know that the rpm-ostree model will become significantly more general purpose once one has the flexibility to add packages on top per client - stay tuned on this, I expect this to land within a few months.

(It's nontrivial because I need to create a new tree rather than change the current one, in order to support rollbacks)
Comment 5 Colin Walters 2017-06-07 13:52:30 UTC 
This should be fixed with `rpm-ostree install` now.