Bug 110404
| Summary: | up2date on text-only server reports GPG key problems incorrectly | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Brian Epstein <eprh> |
| Component: | up2date | Assignee: | Adrian Likins <alikins> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fanny Augustin <fmoquete> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 1 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2004-08-24 21:14:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This took me a while to figure out myself. The solution is there should be 3 GPG key's in /usr/share/rhn, RPM-GPG-KEY, RPM-GPG-KEY-fedora, and RPM-GPG-KEY-fedora-test. Using the Ć¢-fedoraĆ¢ key works successfully for me. Still doesn't work for me. I imported the fedora keys into
/etc/sysconfig/rhn/up2date-keyring.gpg and I'm getting the same errors.
[root@apiary root]# gpg --no-default-keyring --keyring
/etc/sysconfig/rhn/up2date-keyring.gpg --list-keys
/etc/sysconfig/rhn/up2date-keyring.gpg
--------------------------------------
pub 1024D/DB42A60E 1999-09-23 Red Hat, Inc <security>
sub 2048g/961630A2 1999-09-23
pub 1024D/897DA07A 2002-03-15 Red Hat, Inc. (Beta Test Software)
<rawhide>
sub 1024g/9E774FDD 2002-03-15
pub 1024D/4F2A6FD2 2003-10-27 Fedora Project <fedora>
sub 1024g/FB939E34 2003-10-27
pub 1024D/30C9ECF8 2003-10-27 Fedora Project (Test Software)
<rawhide>
[root@apiary root]# up2date -u
Your GPG keyring does not contain the Red Hat, Inc. public key.
Without it, you will be unable to verify that packages Update Agent
downloads
are securely signed by Red Hat.
Your Update Agent options specify that you want to use GPG.
To install the key, run the following as root:
rpm --import /usr/share/rhn/RPM-GPG-KEY
[root@apiary root]#
The 3 GPG keys exist in /usr/share/rhn. Here are the fingerprints:
[root@apiary root]# gpg --no-default-keyring --keyring
/etc/sysconfig/rhn/up2date-keyring.gpg --fingerprint
/etc/sysconfig/rhn/up2date-keyring.gpg
--------------------------------------
pub 1024D/DB42A60E 1999-09-23 Red Hat, Inc <security>
Key fingerprint = CA20 8686 2BD6 9DFC 65F6 ECC4 2191 80CD DB42 A60E
sub 2048g/961630A2 1999-09-23
pub 1024D/897DA07A 2002-03-15 Red Hat, Inc. (Beta Test Software)
<rawhide>
Key fingerprint = 17E8 543D 1D4A A5FA A96A 7E9F FD37 2689 897D A07A
sub 1024g/9E774FDD 2002-03-15
pub 1024D/4F2A6FD2 2003-10-27 Fedora Project <fedora>
Key fingerprint = CAB4 4B99 6F27 744E 8612 7CDF B442 69D0 4F2A 6FD2
sub 1024g/FB939E34 2003-10-27
pub 1024D/30C9ECF8 2003-10-27 Fedora Project (Test Software)
<rawhide>
Key fingerprint = 3166 C14A AE72 30D9 3B7A B2F6 DA84 CBD4 30C9 ECF8
|
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20030925 Description of problem: I have a text-only Fedora Core FC1 server install. I'm trying to do up2date on it. I have freshly removed and re-installed up2date, rhnlib, rpm (yes, rpm) to try and see if I had old copies of something laying around that was messing things up. --- snip --- apiary:/home/ep# rpm -q up2date rhnlib rpm up2date-4.1.16-1 rhnlib-1.4-1 rpm-4.2.1-0.30 --- snip --- When I try to run up2date: --- snip --- apiary:/home/ep# up2date Your GPG keyring does not contain the Red Hat, Inc. public key. Without it, you will be unable to verify that packages Update Agent downloads are securely signed by Red Hat. Your Update Agent options specify that you want to use GPG. To install the key, run the following as root: rpm --import /usr/share/rhn/RPM-GPG-KEY apiary:/home/ep# --- snip --- First error is that you have "rpm" when you mean "gpg" (oops). But, I run the command and I get: --- snip --- apiary:/home/ep# gpg --import /usr/share/rhn/RPM-GPG-KEY gpg: key DB42A60E: "Red Hat, Inc <security>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 apiary:/home/ep# --- snip --- Maybe it should be going into a different keyring? Ok, what about this keyring in /etc/sysconfig/rhn/up2date-keyring.gpg? --- snip --- gpg --import --keyring /etc/sysconfig/rhn/up2date-keyring.gpg /usr/share/rhn/RPM-GPG-KEY gpg: key DB42A60E: "Red Hat, Inc <security>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 apiary:/home/ep# --- snip --- Hrm, it appears that this key is in both root's keyring and /etc/sysconfig/rhn/up2date-keyring.gpg. Just for completeness, how about my user id's gpg keyring --- snip --- apiary:~$ gpg --list-keys 0xDB42A60E pub 1024D/DB42A60E 1999-09-23 Red Hat, Inc <security> sub 2048g/961630A2 1999-09-23 apiary:~$ gpg --import /usr/share/rhn/RPM-GPG-KEY gpg: key DB42A60E: "Red Hat, Inc <security>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 --- snip --- Looks like it is in all three keyrings. More completeness. Maybe rpm really does have the ability to import gpg keys. I'll do what the instructions say. --- snip --- apiary:~# up2date Your GPG keyring does not contain the Red Hat, Inc. public key. Without it, you will be unable to verify that packages Update Agent downloads are securely signed by Red Hat. Your Update Agent options specify that you want to use GPG. To install the key, run the following as root: rpm --import /usr/share/rhn/RPM-GPG-KEY apiary:~# rpm --import /usr/share/rhn/RPM-GPG-KEY apiary:~# up2date Your GPG keyring does not contain the Red Hat, Inc. public key. Without it, you will be unable to verify that packages Update Agent downloads are securely signed by Red Hat. Your Update Agent options specify that you want to use GPG. To install the key, run the following as root: rpm --import /usr/share/rhn/RPM-GPG-KEY apiary:~# --- snip --- Nope, that doesn't do it either. Am I missing something obvious? Version-Release number of selected component (if applicable): 4.1.16-1 How reproducible: Always Steps to Reproduce: 1. Run up2date from command line after fresh install of FC1. 2. Follow key importation instructions. 3. Rinse and repeat. Actual Results: Your GPG keyring does not contain the Red Hat, Inc. public key. Without it, you will be unable to verify that packages Update Agent downloads are securely signed by Red Hat. Your Update Agent options specify that you want to use GPG. To install the key, run the following as root: rpm --import /usr/share/rhn/RPM-GPG-KEY Expected Results: textual up2date process Additional info: