Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1046332 - GPG key check fails
Summary: GPG key check fails
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: fedup
Version: 20
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Will Woods
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-12-24 15:30 UTC by Michael Cronenworth
Modified: 2014-01-23 21:26 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-01-23 21:13:43 UTC
Type: Bug


Attachments (Terms of Use)

Description Michael Cronenworth 2013-12-24 15:30:13 UTC
Description of problem:
fedup downloads all of the RPMs necessary for update and then fails:

Downloading failed: GPG key retrieval failed: [Errno 14] curl#37 - "Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64"


Version-Release number of selected component (if applicable):
fedup-0.8.0-3.fc19.noarch
fedora-release-19-5.noarch


The key /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64 is only available in fedora-release-19-2.noarch. Later versions removed the link in the vein that fedup would use the version in the file to pull in the correct GPG key. Who is to blame here?

http://pkgs.fedoraproject.org/cgit/fedora-release.git/commit/?h=f19&id=b5386dcaa1171232460feb74fa9b67b37a066065

Comment 1 Michael Cronenworth 2013-12-24 15:35:41 UTC
Workaround:
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-20-x86_64

Comment 2 Will Woods 2014-01-23 21:13:43 UTC
This happens if the gpgkey listed in a .repo file doesn't exist, or if the path is wrong. 

Since fedup doesn't own the .repo files or the keys, there's nothing I can do in fedup to fix this - the problem belongs to whoever owns the repo files and the keys.

The .repo files and keys provided by fedora-release-19-5 are confirmed to have the correct paths, so this should be fixed for most users.

Some people might still have their old .repo file in place. Check to see if there's a corresponding .repo.rpmnew file, and use that to update the .repo file.

Otherwise, you must have custom/3rd party .repo files that have the wrong gpgkey path, which you should fix (or ask the distributor to fix).

Comment 3 Michael Cronenworth 2014-01-23 21:26:56 UTC
Yes, this problem is due to old .repo files.

Would it be helpful to output a better error message? The current one is too obscure. Something such as "Please check that your repo files and GPG keys are up-to-date/correct versions."


Note You need to log in before you can comment on or make changes to this bug.