Bug 2102539

Summary:	rpmkeys import fails without error message
Product:	Red Hat Enterprise Linux 9	Reporter:	Frank Büttner <bugzilla>
Component:	rpm	Assignee:	Packaging Maintenance Team <packaging-team-maint>
Status:	CLOSED DUPLICATE	QA Contact:	swm-qe
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	CentOS Stream	CC:	bstinson, ffesti, jwboyer
Target Milestone:	rc	Flags:	pm-rhel: mirror+
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2022-08-02 14:16:12 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Frank Büttner 2022-06-30 07:34:53 UTC

Description of problem:
When I try to import an gpg key, which will work on CentOS 7+8 and Fedora 35 it fails on CentOS Stream 9

Version-Release number of selected component (if applicable):
rpm-4.16.1.3-11.el9.x86_64

How reproducible:
Every time


Steps to Reproduce:
1. call rpmkeys --import <PATH to Key>


Actual results:
only the message:
error: <PATH to Key>: key 1 import failed.

Expected results:
Imported key


Additional info:
Also the call with -vvv don't show any information.
ufdio:       1 reads,    17654 total bytes in 0.000013 secs
ufdio:       1 reads,     3155 total bytes in 0.000002 secs
D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key
D: loading keyring from rpmdb
D: PRAGMA secure_delete = OFF: 0
D: PRAGMA case_sensitive_like = ON: 0
D:  read h#     355 
Header SHA256 digest: OK
Header SHA1 digest: OK
D: added key gpg-pubkey-8483c65d-5ccc5b19 to keyring
D:  read h#     424 
Header SHA256 digest: OK
Header SHA1 digest: OK
D: added key gpg-pubkey-e796207d-58a6aee6 to keyring
D:  read h#     425 
Header SHA256 digest: OK
Header SHA1 digest: OK
D: added key gpg-pubkey-9e61ef26-5cabbf8a to keyring
D: added subkey 0 of main key gpg-pubkey-9e61ef26-5cabbf8a to keyring
D:  read h#     426 
Header SHA256 digest: OK
Header SHA1 digest: OK
D: added key gpg-pubkey-3228467c-613798eb to keyring
D:  read h#     517 
Header SHA256 digest: OK
Header SHA1 digest: OK
D: added key gpg-pubkey-7f509f29-5b2b4f5a to keyring
D: added subkey 0 of main key gpg-pubkey-7f509f29-5b2b4f5a to keyring
D:  read h#     518 
Header SHA256 digest: OK
Header SHA1 digest: OK
D: added key gpg-pubkey-16030209-5eaab012 to keyring
D: added subkey 0 of main key gpg-pubkey-16030209-5eaab012 to keyring
D:  read h#     519 
Header SHA256 digest: OK
Header SHA1 digest: OK
D: added key gpg-pubkey-0e24f074-5728835d to keyring
D: added subkey 0 of main key gpg-pubkey-0e24f074-5728835d to keyring
D:  read h#     520 
Header SHA256 digest: OK
Header SHA1 digest: OK
D: added key gpg-pubkey-e657ebe0-5aefddea to keyring
D: added subkey 0 of main key gpg-pubkey-e657ebe0-5aefddea to keyring
D:  read h#     521 
Header SHA256 digest: OK
Header SHA1 digest: OK
D: added key gpg-pubkey-935b51a4-5e53750f to keyring
D: added subkey 0 of main key gpg-pubkey-935b51a4-5e53750f to keyring
D:  read h#     522 
Header SHA256 digest: OK
Header SHA1 digest: OK
D: added key gpg-pubkey-bc455217-621344c3 to keyring
D: added subkey 0 of main key gpg-pubkey-bc455217-621344c3 to keyring
D:  read h#     526 
Header SHA256 digest: OK
Header SHA1 digest: OK
D: added key gpg-pubkey-809750a5-622f28f4 to keyring
D: added subkey 0 of main key gpg-pubkey-809750a5-622f28f4 to keyring
D: Using legacy gpg-pubkey(s) from rpmdb
error: <PATH to Key>: key 1 import failed.

Comment 1 Florian Festi 2022-08-02 14:16:12 UTC

Long story short: This is caused by disabling SHA1 signatures on a global level in RHEL 9 as they are no longer deemed save enough. We are adding a better error message in rpm.

*** This bug has been marked as a duplicate of bug 2069877 ***