Bug 164200

Summary: rpm --import does not import fedora-extras key correctly.
Product: Red Hat Enterprise Linux 4 Reporter: Jim Pirzyk <jim+redhat>
Component: rpmAssignee: Paul Nasrat <nobody+pnasrat>
Status: CLOSED UPSTREAM QA Contact: Mike McLean <mikem>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-10-25 23:33:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jim Pirzyk 2005-07-25 21:25:55 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312

Description of problem:
When trying to import the fedoras-extra key (Key ID 1ac70ce6), rpm --import
stores it with the wrong KeyID.  This is a copy of the key downloaded from
the GPG key servers.

Version-Release number of selected component (if applicable):
rpm-4.3.3-9_nonptl

How reproducible:
Always

Steps to Reproduce:
1. gpg --recv-keys --keyserver hkp://subkeys.pgp.net 1ac70ce6
2. gpg --export --armour 1ac70ce6 > 1ac70ce6.asc
3. rpm --import 1ac70ce6.asc
  

Actual Results:  rpm -q gpg-pubkey  show this key now installed

gpg-pubkey-7ad14380-4245729a


Expected Results:  It shoudl have been this key:

gpg-pubkey-1ac70ce6-41bebeef


Additional info:

They key 7ad14380 is actually someone who signed the fedoras-extra key, thereby trusting it.
The rpm did not understand the difference between signing a key and the key itself.
Comment 1 Mark J. Cox 2005-07-29 10:43:09 UTC 
It is known that rpm cannot deal with importing keys that are signed
See for example :
https://www.redhat.com/archives/fedora-test-list/2004-October/msg02767.html

*** This bug has been marked as a duplicate of 90952 ***
Comment 2 Jim Pirzyk 2005-07-29 11:53:52 UTC 
Reopening this bug because I cannot reopen the other ticket, which I do not own.  This has not been 
fixed so it should not be closed.  Closing it ignores the problem is not being addressed.
Comment 3 Jeff Johnson 2005-10-25 23:33:51 UTC 
This problem is fixed (by computing the fingerprint id correctly for signed pubkeys) in rpm-4.4.2
and later