Bug 200739

Summary: rpm --import of a keyfile with signatures results in bad gpg-pubkey database entry
Product: Red Hat Enterprise Linux 4
Reporter: Bastien Nocera <bnocera>
Component: rpm
Assignee: Paul Nasrat <nobody+pnasrat>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: 4.0
CC: wtogami
Hardware: All
OS: Linux
Fixed In Version: RHBA-2007-0315
Doc Type: Bug Fix
Last Closed: 2007-05-01 22:53:30 UTC

Description Bastien Nocera 2006-07-31 14:04:43 UTC
+++ This bug was initially created as a clone of Bug #90952 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
Certain GPG public keys are not imported correctly by RPM. The resulting RPM
database entries contain an incorrect version tag.

Version-Release number of selected component (if applicable):
rpm-4.2-0.69

How reproducible:
Always

Steps to Reproduce:
1. gpg --recv-keys 54A2ACF1
2. gpg --export -a 54A2ACF1 > key.txt
3. rpm --import key.txt
4. rpm -q gpg-pubkey --last | head -1
  

Why does it get named 55f3aa6f?

  # rpm -qi gpg-pubkey-55f3aa6f | gpg 
  pub  1024D/54A2ACF1 --snip--
  sub  2048g/4AD75982 2002-11-25  [expires: 2007-11-24]


Actual Results:  gpg-pubkey-55f3aa6f-3e30940d                  Thu 15 May 2003 20:40:10 CEST

ASCII-armored key was parsed incorrectly, resulting in wrong key id.

Expected Results:  gpg-pubkey-54a2acf1-3e30940d                  Thu 15 May 2003 20:40:10 CEST


Additional info:

http://www.fedora.us/pipermail/fedora-devel/2003-May/001291.html
https://www.redhat.com/mailman/private/rpm-list/2003-May/msg00279.html
https://www.redhat.com/archives/redhat-list-de/2003-May/msg00113.html
http://groups.google.de/groups?ie=UTF-8&oe=UTF-8&as_umsgid=69f31d11.0303081433.e105922%40posting.google.com&lr=&hl=de

Comment 1 Bastien Nocera 2006-07-31 14:09:10 UTC
$ rpm -q rpm
rpm-4.3.3-13_nonptl
$ gpg --keyserver pgp.mit.edu --recv-keys 30c9ecf8
gpg: key 30C9ECF8: "Fedora Project (Test Software) <rawhide>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
$ gpg --export -a 30c9ecf8 > key7.txt
$ gpg key7.txt
pub  1024D/30C9ECF8 2003-10-27 Fedora Project (Test Software) <rawhide>
$ sudo rpm --import key7.txt
Password:
$ rpm -q gpg-pubkey --last | head -1
gpg-pubkey-5a2457cf-429f0aee                  Sat 22 Jul 2006 10:40:40 AM EDT
$ rpm -qi gpg-pubkey-5a2457cf-429f0aee > foo.txt
$ gpg foo.txt
pub  1024D/30C9ECF8 2003-10-27 Fedora Project (Test Software) <rawhide>

So it's just the package name that's wrong, the data is still right though.

Comment 2 Jeff Johnson 2006-08-05 07:56:45 UTC
rpm-4.4.2 and later calculate the fingerprint correctly, rather than relying on
a field within the pubkey for the fingerprint.

Either use gpg to edit the pubkey packets before importing, or upgrade/backport the changes in rpm-4.4.2.
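
An added illustration of Comment 2, not code from rpm or from anyone on this bug: it contrasts a key ID calculated from the public-key packet (RFC 4880, section 12.2) with one read from a stored field. Modelling the stored field as the issuer subpacket of the last signature packet, and the `gpg-pubkey-<short key ID>-<creation time>` name format, are assumptions; all key bytes are constructed.

```python
import hashlib

def packets(data):
    """Yield (tag, body) for old-format OpenPGP packets (1- or 2-byte lengths)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if (hdr & 0xC0) != 0x80 or (hdr & 0x03) > 1:
            raise ValueError("unsupported packet header 0x%02x" % hdr)
        size = 1 + (hdr & 0x03)                      # length field: 1 or 2 bytes
        n = int.from_bytes(data[i + 1:i + 1 + size], "big")
        i += 1 + size
        yield (hdr >> 2) & 0x0F, data[i:i + n]
        i += n

def calculated_keyid(pub_body):
    """V4 key ID: low 64 bits of SHA-1(0x99 || 2-byte length || packet body)."""
    if pub_body[0] != 4:
        raise ValueError("only V4 keys handled")
    prefix = b"\x99" + len(pub_body).to_bytes(2, "big")
    return hashlib.sha1(prefix + pub_body).digest()[-8:]

def issuer_field(sig_body):
    """Issuer key ID (subpacket 16) from a V4 signature's unhashed area, or None."""
    pos = 8 + int.from_bytes(sig_body[4:6], "big")   # start of unhashed subpackets
    end = pos + int.from_bytes(sig_body[pos - 2:pos], "big")
    while pos < end:
        n, kind = sig_body[pos], sig_body[pos + 1]   # 1-byte subpacket lengths only
        if kind == 16:
            return sig_body[pos + 2:pos + 1 + n]
        pos += 1 + n
    return None

def pubkey_names(blob):
    """Return (name from calculated key ID, name from last issuer field seen)."""
    calc = stored = created = None
    for tag, body in packets(blob):
        if tag == 6 and calc is None:                # primary public-key packet
            calc, created = calculated_keyid(body), body[1:5]
        elif tag == 2:                               # signature packet
            stored = issuer_field(body) or stored
    name = lambda kid: "gpg-pubkey-%s-%s" % (kid[-4:].hex(), created.hex())
    return name(calc), name(stored or calc)

# Constructed bytes (not a usable key): V4 key, user ID, third-party V4 signature.
wrap = lambda tag, body: bytes([0x80 | (tag << 2), len(body)]) + body
KEY = wrap(6, bytes.fromhex("04" "40000000" "11") + b"\x00\x08\xff" * 4)
UID = wrap(13, b"Constructed <key@example.invalid>")
SIG = wrap(2, bytes.fromhex("04101102" "0000" "000a" "0910" "0123456789abcdef" "beef"))
```

`pubkey_names(KEY + UID + SIG)` returns two different names, while `pubkey_names(KEY + UID)` returns the same name twice, which is the kind of check that flags a mislabelled `gpg-pubkey` entry.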

Comment 3 RHEL Program Management 2006-08-18 14:55:36 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 10 Red Hat Bugzilla 2007-05-01 22:53:30 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0315.html