Bug 171530
Summary: | security: Maelstrom RPM unsigned, DoS's up2date | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Graham Leggett <minfrin> |
Component: | Maelstrom | Assignee: | Karsten Hopp <karsten> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | CC: | robatino |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-10-23 14:15:38 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Graham Leggett
2005-10-22 13:07:41 UTC
You may not have the Fedora Extras GPG key installed. If this is the case, up2date will falsely claim that the file is unsigned, when the only problem is that the corresponding key is not installed. To make sure, go into /etc/pki/rpm-gpg and install the GPG key (as root) with rpm --install RPM-GPG-KEY-fedora-extras I have Maelstrom installed and didn't have this problem when installing. In addition I just verified that http://download.fedora.redhat.com/pub/fedora/linux/extras/4/i386/Maelstrom-3.0.6-8.i386.rpm is properly signed with key 1ac70ce6. I tried to install the key (no idea why on earth the Fedora Core 4 upgrade process doesn't install it, but regardless) and the install attempt hangs for no apparent reason: [root@phoebe rpm-gpg]# rpm --install RPM-GPG-KEY-fedora-extras ^C [root@phoebe rpm-gpg]# Just figured it out - it was rpm --import instead of --install. Closing this bug, as the problem is with the FC4 setup and not Maelstrom. |