Bug 113249

Summary: up2date problems with gpg
Product: [Fedora] Fedora Reporter: Alan Deaton <a_deaton>
Component: up2dateAssignee: Adrian Likins <alikins>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 1CC: a_deaton
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 19:00:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alan Deaton 2004-01-10 17:36:23 UTC 
Description of problem:

Fedora core now seems to require gpg keys for the material
installed/updated on the box.  I have found the following packages
will not install due to problems with gpg not being able to verify the
package content:

     Kernel-2.4.22-1.2140
     binutils-2.14.90.0.6-4
     glibc-2.3.2-101.1
     gnupg-1.2.3-2
     gphoto2-2.1.3-1
     gphoto2-2.1.3-1
     httpd-2.0.48.1.2
     net-snmp-5.1-2.1
     nptl-devel (requires glibc)
     php-4.3.4-1.1
     
Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Fresh install Fedora Core 1 disks from website
2. Begin Up2Date from the RHN Alert Notification Tool
3. Select Packages to Install
  
Actual results:

Some packages install without issue.  The others come up with a
message the gpg key was not verified.  If you continue, it will d/l
the remaining packages, however when it goes to install, the first
file it comes to with a gpg problem seems to be corrupted and up2date
exits out at that point.  Had to install packages 1 by 1 till I was
able to locate all the files with this problem.

Expected results:

Should read and verify key and install normally as does RH9.

Additional info:

If I have missed something in the documentation or on the websites FAQ
and how to lists please steer me in the right direction. Thanks Alan
Comment 1 P Fudd 2004-02-06 08:39:34 UTC 
Aha!  I found the problem!

If the rpm file doesn't get fully downloaded (which happens a lot),
the GPG key will fail to verify, and give this error!

Two ways of checking this:

1) rpm -Kv the-rpm-file-in-question.i386.rpm

If the md5 checksum fails as well as the gpg signature, the rpm got
cut off.

2) ls -l the-rpm-file.i386.rpm

If the size doesn't match what's on the ftp site, the rpm got cut off.

Workaround: download the file with 'wget -c .....' or something.

Fix: make rpm check the size before the signature; make up2date do a
better job of downloading.
Comment 2 William M. Quarles 2004-06-29 20:53:16 UTC 
This is a duplicate of bug #111601.  Someone at Red Hat please mark it
as such.
Comment 3 Adrian Likins 2004-08-24 22:19:06 UTC 

*** This bug has been marked as a duplicate of 111601 ***
Comment 4 Red Hat Bugzilla 2006-02-21 19:00:42 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.