Bug 499479

Summary: rpm import of key should not duplicate duplicate keys
Product: Red Hat Enterprise Linux 5 Reporter: Kevin Graham <kgraham>
Component: rpmAssignee: Packaging Maintenance Team <packaging-team-maint>
Status: CLOSED NEXTRELEASE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: low    
Version: 5.2CC: pmatilai
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-07 12:54:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kevin Graham 2009-05-06 19:38:10 UTC 
Presently a key imported (w 'rpm --import') will be accepted on every invocation and duplicates added.

This behavior is annoying, but is much worse when compounded with the inability to easily detect a key's presence. Though the fingerprint (appears) to be stored in the Version and Release fields, its not clear that this behavior is guaranteed nor is it easily scripted (presumably via zeroing a gpg keyring, importing, extracting signature of installed keys, and then comparing against RPM database).

The only other apparent alternative (incompletely listed in bug 76899 comment 2) would be to extract all keys, combine with desired import key, remove duplicates, and reimport. This is all rather silly compared to simply not importing a duplicate in the first place.

A replace-on-duplicate would be reasonable, however I would think a graceful-failure-on-duplicate would be preferable to avoid unnecessary write operations on the rpmdb.
Comment 1 Panu Matilainen 2013-03-07 12:54:13 UTC 
This request was evaluated by Red Hat Engineering for inclusion in a Red Hat Enterprise Linux maintenance release.

Red Hat does not currently plan to provide this change in a Red Hat Enterprise Linux update release for currently deployed products.

With the goal of minimizing risk of change for deployed systems, and in response to customer and partner requirements, Red Hat takes a conservative approach when evaluating enhancements for inclusion in maintenance updates for currently deployed products. The primary objectives of update releases are to enable new hardware platform support and to resolve critical defects. 

However this has been fixed in Red Hat Enterprise Linux 6, where rpm no longer imports duplicate keys.