Bug 110404 - up2date on text-only server reports GPG key problems incorrectly
up2date on text-only server reports GPG key problems incorrectly
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: up2date (Show other bugs)
1
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Adrian Likins
Fanny Augustin
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-11-18 23:26 EST by Brian Epstein
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-08-24 17:14:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Brian Epstein 2003-11-18 23:26:14 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20030925

Description of problem:
I have a text-only Fedora Core FC1 server install.  I'm trying to do
up2date on it.

I have freshly removed and re-installed up2date, rhnlib, rpm (yes,
rpm) to try and see if I had old copies of something laying around
that was messing things up.

--- snip ---
apiary:/home/ep# rpm -q up2date rhnlib rpm
up2date-4.1.16-1
rhnlib-1.4-1
rpm-4.2.1-0.30
--- snip ---

When I try to run up2date:

--- snip ---
apiary:/home/ep# up2date
Your GPG keyring does not contain the Red Hat, Inc. public key.
Without it, you will be unable to verify that packages Update Agent
downloads
are securely signed by Red Hat.
                                                                     
          
Your Update Agent options specify that you want to use GPG.
                                                                     
          
To install the key, run the following as root:
                                                                     
          
    rpm --import /usr/share/rhn/RPM-GPG-KEY
                                                                     
          
apiary:/home/ep#
--- snip ---

First error is that you have "rpm" when you mean "gpg" (oops).  But, I
run the command and I get:

--- snip ---
apiary:/home/ep# gpg --import /usr/share/rhn/RPM-GPG-KEY
gpg: key DB42A60E: "Red Hat, Inc <security@redhat.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
apiary:/home/ep#
--- snip ---

Maybe it should be going into a different keyring?  Ok, what about
this keyring in /etc/sysconfig/rhn/up2date-keyring.gpg?

--- snip ---
gpg --import --keyring /etc/sysconfig/rhn/up2date-keyring.gpg
/usr/share/rhn/RPM-GPG-KEY
gpg: key DB42A60E: "Red Hat, Inc <security@redhat.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
apiary:/home/ep#
--- snip ---

Hrm, it appears that this key is in both root's keyring and
/etc/sysconfig/rhn/up2date-keyring.gpg.  Just for completeness, how
about my user id's gpg keyring

--- snip ---
apiary:~$ gpg --list-keys 0xDB42A60E
pub  1024D/DB42A60E 1999-09-23 Red Hat, Inc <security@redhat.com>
sub  2048g/961630A2 1999-09-23
 
apiary:~$ gpg --import /usr/share/rhn/RPM-GPG-KEY
gpg: key DB42A60E: "Red Hat, Inc <security@redhat.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
--- snip ---

Looks like it is in all three keyrings.  More completeness.  Maybe rpm
really does have the ability to import gpg keys.  I'll do what the
instructions say.

--- snip ---
apiary:~# up2date
Your GPG keyring does not contain the Red Hat, Inc. public key.
Without it, you will be unable to verify that packages Update Agent
downloads
are securely signed by Red Hat.
 
Your Update Agent options specify that you want to use GPG.
 
To install the key, run the following as root:
 
    rpm --import /usr/share/rhn/RPM-GPG-KEY
 
apiary:~# rpm --import /usr/share/rhn/RPM-GPG-KEY
apiary:~# up2date
Your GPG keyring does not contain the Red Hat, Inc. public key.
Without it, you will be unable to verify that packages Update Agent
downloads
are securely signed by Red Hat.
 
Your Update Agent options specify that you want to use GPG.
 
To install the key, run the following as root:
 
    rpm --import /usr/share/rhn/RPM-GPG-KEY
 
apiary:~#
--- snip ---

Nope, that doesn't do it either.  Am I missing something obvious?

Version-Release number of selected component (if applicable):
4.1.16-1

How reproducible:
Always

Steps to Reproduce:
1. Run up2date from command line after fresh install of FC1.
2. Follow key importation instructions.
3. Rinse and repeat.
    

Actual Results:  Your GPG keyring does not contain the Red Hat, Inc.
public key.
Without it, you will be unable to verify that packages Update Agent
downloads
are securely signed by Red Hat.
 
Your Update Agent options specify that you want to use GPG.
 
To install the key, run the following as root:
 
    rpm --import /usr/share/rhn/RPM-GPG-KEY

Expected Results:  textual up2date process

Additional info:
Comment 1 Chris Boyle 2003-12-22 06:54:43 EST
This took me a while to figure out myself. The solution is there
should be 3 GPG key's in /usr/share/rhn, RPM-GPG-KEY,
RPM-GPG-KEY-fedora, and RPM-GPG-KEY-fedora-test. Using the “-fedora”
key works successfully for me.
Comment 2 Brian Epstein 2003-12-22 08:43:49 EST
Still doesn't work for me.  I imported the fedora keys into
/etc/sysconfig/rhn/up2date-keyring.gpg and I'm getting the same errors.

[root@apiary root]# gpg --no-default-keyring --keyring
/etc/sysconfig/rhn/up2date-keyring.gpg --list-keys
/etc/sysconfig/rhn/up2date-keyring.gpg
--------------------------------------
pub  1024D/DB42A60E 1999-09-23 Red Hat, Inc <security@redhat.com>
sub  2048g/961630A2 1999-09-23
 
pub  1024D/897DA07A 2002-03-15 Red Hat, Inc. (Beta Test Software)
<rawhide@redhat.com>
sub  1024g/9E774FDD 2002-03-15
 
pub  1024D/4F2A6FD2 2003-10-27 Fedora Project <fedora@redhat.com>
sub  1024g/FB939E34 2003-10-27
 
pub  1024D/30C9ECF8 2003-10-27 Fedora Project (Test Software)
<rawhide@redhat.com>

[root@apiary root]# up2date -u
Your GPG keyring does not contain the Red Hat, Inc. public key.
Without it, you will be unable to verify that packages Update Agent
downloads
are securely signed by Red Hat.
 
Your Update Agent options specify that you want to use GPG.
 
To install the key, run the following as root:
 
    rpm --import /usr/share/rhn/RPM-GPG-KEY
 
[root@apiary root]#

The 3 GPG keys exist in /usr/share/rhn.  Here are the fingerprints:

[root@apiary root]# gpg --no-default-keyring --keyring
/etc/sysconfig/rhn/up2date-keyring.gpg --fingerprint
/etc/sysconfig/rhn/up2date-keyring.gpg
--------------------------------------
pub  1024D/DB42A60E 1999-09-23 Red Hat, Inc <security@redhat.com>
     Key fingerprint = CA20 8686 2BD6 9DFC 65F6  ECC4 2191 80CD DB42 A60E
sub  2048g/961630A2 1999-09-23
 
pub  1024D/897DA07A 2002-03-15 Red Hat, Inc. (Beta Test Software)
<rawhide@redhat.com>
     Key fingerprint = 17E8 543D 1D4A A5FA A96A  7E9F FD37 2689 897D A07A
sub  1024g/9E774FDD 2002-03-15
 
pub  1024D/4F2A6FD2 2003-10-27 Fedora Project <fedora@redhat.com>
     Key fingerprint = CAB4 4B99 6F27 744E 8612  7CDF B442 69D0 4F2A 6FD2
sub  1024g/FB939E34 2003-10-27
 
pub  1024D/30C9ECF8 2003-10-27 Fedora Project (Test Software)
<rawhide@redhat.com>
     Key fingerprint = 3166 C14A AE72 30D9 3B7A  B2F6 DA84 CBD4 30C9 ECF8

Note You need to log in before you can comment on or make changes to this bug.