Bug 969912

Summary: I cannot import the TUXONICE GPG key
Product: [Fedora] Fedora
Reporter: Kevin J. Cummings <cummings>
Component: rpm
Assignee: Packaging Maintenance Team <packaging-team-maint>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 18
CC: ffesti, jzeleny, novyjindrich, packaging-team-maint, pknirsch, pmatilai
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2013-06-03 07:00:54 UTC
Type: Bug

Description Kevin J. Cummings 2013-06-03 01:46:32 UTC
Description of problem:
Can't install gpg key for tuxonice repository


Version-Release number of selected component (if applicable):
rpm-4.10.3.1-1.fc18.i686



How reproducible:
fails every attempt for me.



Steps to Reproduce:
1. rpm --import --import http://mhensler.de/swsusp/download/SUSPEND2-RPM-KEY

Actual results:
error: http://mhensler.de/swsusp/download/SUSPEND2-RPM-KEY: key 1 import failed.


Expected results:
I expect the key to be added and be usable by yum.


Additional info:

My system was installed via the F17 live CD copied to my hard drive, then later (after many new packages installed and updates done) I used "fedup" to upgrade to F18.  I don't recall having any problems adding new repos under F17.

The following is the debug output using -vv

D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key
D: loading keyring from rpmdb
D: opening  db environment /var/lib/rpm cdb:0x401
D: opening  db index       /var/lib/rpm/Packages 0x400 mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Name 0x400 mode=0x0
D:  read h#     264 Header sanity check: OK
D: added key gpg-pubkey-1aca3465-4f0c91e2 to keyring
D:  read h#     830 Header SHA1 digest: OK (35dcaead230dffc03234a383e5f3dab9bd46680c)
D: added key gpg-pubkey-de7f38bd-501f4964 to keyring
D:  read h#     904 Header sanity check: OK
D: added key gpg-pubkey-7fac5991-4615767f to keyring
D:  read h#     974 Header sanity check: OK
D: added key gpg-pubkey-5044912e-4b7489b1 to keyring
D:  read h#    1096 Header sanity check: OK
D: added key gpg-pubkey-b56a8bac-3bbc4d06 to keyring
D:  read h#    1116 Header sanity check: OK
D: added key gpg-pubkey-f6777c67-45e5b1b9 to keyring
D:  read h#    1446 Header sanity check: OK
D: added key gpg-pubkey-8296fa0f-4ea867c3 to keyring
D:  read h#    1891 Header SHA1 digest: OK (eb95b897727baab8e961ba6a0634a1f433b83c30)
D: added key gpg-pubkey-982e0a7c-4f34288f to keyring
D: Using legacy gpg-pubkey(s) from rpmdb
error: http://mhensler.de/swsusp/download/SUSPEND2-RPM-KEY: key 1 import failed.
D: closed   db index       /var/lib/rpm/Name
D: closed   db index       /var/lib/rpm/Packages
D: closed   db environment /var/lib/rpm

Comment 1 Panu Matilainen 2013-06-03 07:00:54 UTC
That's a V3 OpenPGP key, and those have been deprecated by RFC-4880 (http://www.rfc-editor.org/rfc/rfc4880.txt) since ages ago as they are considered insecure:

   OpenPGP implementations MUST create keys with version 4 format.  V3
   keys are deprecated; an implementation MUST NOT generate a V3 key,
   but MAY accept it.

The support for V3 keys was pulled in rpm >= 4.10:
http://rpm.org/wiki/Releases/4.10.0#Removedfeatures
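
Added example (not part of the original comment and not rpm's own code): a pre-import check that reads the version octet of the first public-key packet in an armored key, so a V3 key is identified before `rpm --import` reports only "key 1 import failed". The function names and the two sample keys are constructed for illustration; the samples carry dummy MPIs and are not real keys.

```python
import base64
import struct

def dearmor(text):
    """Decode an ASCII-armored OpenPGP block to raw packet bytes."""
    lines = [l.strip() for l in text.strip().splitlines()]
    begin = next(i for i, l in enumerate(lines) if l.startswith("-----BEGIN PGP"))
    end = next(i for i, l in enumerate(lines) if l.startswith("-----END PGP"))
    body = lines[begin + 1:end]
    if "" in body:  # armor headers (e.g. "Version:") end at the first blank line
        body = body[body.index("") + 1:]
    # a line starting with "=" is the CRC24 checksum, not key data
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def key_version(data):
    """Return the version octet of the leading public-key packet (RFC 4880, 4.2 and 5.5.2)."""
    if len(data) < 3 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:  # new-format header: tag in the low 6 bits
        tag = data[0] & 0x3F
        hdr = 1 + (1 if data[1] < 192 else 2 if data[1] < 224 else 5 if data[1] == 255 else 1)
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag = (data[0] >> 2) & 0x0F
        hdr = 1 + (1, 2, 4, 0)[data[0] & 0x03]
    if tag != 6:
        raise ValueError(f"first packet has tag {tag}, expected 6 (public key)")
    if hdr >= len(data):
        raise ValueError("truncated packet")
    return data[hdr]  # first body octet of a key packet is its version

def diagnose(armored):
    """Explain whether the key hits the V3 removal described in Comment 1."""
    version = key_version(dearmor(armored))
    if version < 4:
        return f"V{version} key: legacy format; rpm >= 4.10 no longer imports V3 keys"
    return f"V{version} key: not affected by the V3 removal"

def _armor(packet):  # helper used only to build the constructed samples
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: constructed\n\n"
            + base64.b64encode(packet).decode()
            + "\n-----END PGP PUBLIC KEY BLOCK-----\n")

# Constructed packets: V3 = version, time, validity days, algorithm, MPIs;
# V4 = version, time, algorithm, MPIs. The MPIs are dummy values.
_MPIS = b"\x00\x08\xff\x00\x05\x11"
V3_SAMPLE = _armor(b"\x99" + struct.pack(">H", 8 + len(_MPIS)) + b"\x03"
                   + struct.pack(">IHB", 0, 0, 1) + _MPIS)
V4_SAMPLE = _armor(b"\xc6" + bytes([6 + len(_MPIS)]) + b"\x04"
                   + struct.pack(">IB", 0, 1) + _MPIS)
```

Calling diagnose() on the text of a downloaded key file gives the reason up front, which is the information the bare import error leaves out.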

Comment 2 Kevin J. Cummings 2013-06-03 20:17:49 UTC
The error message "Key 1 import failed" does not convey the necessary information.  Yes, the import failed, but it says nothing about WHY it failed.  If it had, this report would never have been generated.  Perhaps, a better error message is in order?  Especially for a change in behaviour.