Bug 579223

Summary: Package krb5-libs-1.7.1-7.fc13.i686.rpm is not signed
Product: [Fedora] Fedora Reporter: Thomas Meyer <thomas.mey>
Component: krb5Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 13CC: nalin, sergei.litvinenko
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-05 18:25:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Thomas Meyer 2010-04-03 12:01:19 UTC 
Description of problem:
Package krb5-libs-1.7.1-7.fc13.i686.rpm is not signed

Version-Release number of selected component (if applicable):
Package krb5-libs-1.7.1-7.fc13.i686.rpm is not signed

How reproducible:
always

Steps to Reproduce:
1. sudo yum upgrade
2.
3.
  
Actual results:
Package krb5-libs-1.7.1-7.fc13.i686.rpm is not signed

Expected results:


Additional info:
Comment 1 Sergei LITVINENKO 2010-04-03 16:33:52 UTC 
Have the same

[root@fedora13a ~]# export LC_ALL=C; export LANG=C; yum update
...

Total size: 569 M
Is this ok [y/N]: y
Downloading Packages:

Package krb5-libs-1.7.1-7.fc13.i686.rpm is not signed
Comment 2 Nalin Dahyabhai 2010-04-05 13:12:25 UTC 
When I use yumdownloader to fetch the packages and examine them with "rpm -Kv", they appear to be signed with key e8e40fde, which is the key bundled with the fedora-release package in the file /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-13-primary.  Do you not have this file on your system?  Did yum not prompt to install this key?
Comment 3 Thomas Meyer 2010-04-08 16:55:34 UTC 
(In reply to comment #2)
> When I use yumdownloader to fetch the packages and examine them with "rpm -Kv",
> they appear to be signed with key e8e40fde, which is the key bundled with the
> fedora-release package in the file
> /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-13-primary.  Do you not have this file on
> your system?

Yes.

$ ls -ld /etc/pki/rpm-gpg/RPM-GPG-KEY-*
-rw-r--r--. 1 root root 1726  1. Mär 2007  /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
lrwxrwxrwx. 1 root root   29 27. Mär 21:50 /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora -> RPM-GPG-KEY-fedora-13-primary
-rw-r--r--. 1 root root 1653 22. Mär 22:01 /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-13-primary
lrwxrwxrwx. 1 root root   29 27. Mär 21:50 /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-i386 -> RPM-GPG-KEY-fedora-13-primary
lrwxrwxrwx. 1 root root   29 27. Mär 21:50 /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-ppc -> RPM-GPG-KEY-fedora-13-primary
lrwxrwxrwx. 1 root root   29 27. Mär 21:50 /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-ppc64 -> RPM-GPG-KEY-fedora-13-primary
lrwxrwxrwx. 1 root root   29 27. Mär 21:50 /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64 -> RPM-GPG-KEY-fedora-13-primary

>  Did yum not prompt to install this key?    

I did import the key mentioned on the homepage "https://fedoraproject.org/de/keys" that is:

pub   4096R/E8E40FDE 2010-01-19
      Key fingerprint = 8E5F 73FF 2A18 1765 4D35  8FCA 7EDC 6AD6 E8E4 0FDE
uid                  Fedora (13) <fedora>


$ rpm -Kv /var/cache/yum/i386/13/fedora/packages/krb5-libs-1.7.1-7.fc13.i686.rpm
/var/cache/yum/i386/13/fedora/packages/krb5-libs-1.7.1-7.fc13.i686.rpm:
    Header SHA1 digest: OK (d311c71114bd14a610f39ca27abc6a7e8762eab3)
    MD5 digest: OK (0df52b09950da62c122e62cf08d8a487)

$ gpg /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-13-primary 
pub  4096R/E8E40FDE 2010-01-19 Fedora (13) <fedora>
Comment 4 Thomas Meyer 2010-04-08 17:07:39 UTC 
while running "sudo yum upgrade" I get this message:

Presto reduced the update size by 60% (from 49 M to 20 M).
Package(s) data still to download: 34 M
(1/27): ModemManager-0.3-7.git20100405.fc13.i686.rpm                                               | 161 kB     00:00     
(2/27): gnome-icon-theme-extras-2.30.0-1.fc13.noarch.rpm                                           | 360 kB     00:09     
(3/27): gnome-packagekit-2.30.0-2.fc13.i686.rpm                                                    | 2.8 MB     00:41     
(4/27): gnome-themes-2.30.0-3.fc13.noarch.rpm                                                      | 2.5 MB     00:57     
(5/27): google-chrome-beta-5.0.342.9-43360.i386.rpm                                                |  16 MB     00:23     
(6/27): krb5-libs-1.7.1-7.fc13.i686.rpm                                                            | 655 kB     00:00     
http://fedora.tu-chemnitz.de/pub/linux/fedora/linux/development/13/i386/os/Packages/krb5-libs-1.7.1-7.fc13.i686.rpm: (-1, u'Package does not match intended download. Suggestion: run yum clean metadata')
Trying other mirror.
Comment 5 Thomas Meyer 2010-05-05 18:25:51 UTC 
So how could this happen at all. Upgrade did work now. Maybe some mirror system was hacked?