From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031114 Description of problem: Having added fedora.us and rpm.livna.org I had neglected to import the gpg-keys using "rpm --import http://etc". In stead of a message to indicate the keys needed to be imported, I got the following message in response to the command "up2date mplayer": " Testing package set / solving RPM inter-dependencies... ######################################## mplayer-0.92-0.lvn.1.1.i386 ########################## Done. aalib-1.4.0-0.fdr.0.8.rc5.1 ########################## Done. The package aalib-1.4.0-0.fdr.0.8.rc5.1 is not signed with a GPG signature. Aborting... Package aalib-1.4.0-0.fdr.0.8.rc5.1 does not have a GPG signature. Aborting... " The message indicates that the package aalib is not signed. After the appropriate rpm --import commands for livna and fedora.us, the packages were successfully downloaded and installed by up2date. The message seems inappriopriate for the problem. Expected was something like: "The GPG-keys for fedora and livna are missing." Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. add fedora.us and livna to repositories 2. neglect to import gpg-keys 3. up2date mplayer Actual Results: Testing package set / solving RPM inter-dependencies... ######################################## mplayer-0.92-0.lvn.1.1.i386 ########################## Done. aalib-1.4.0-0.fdr.0.8.rc5.1 ########################## Done. The package aalib-1.4.0-0.fdr.0.8.rc5.1 is not signed with a GPG signature. Aborting... Package aalib-1.4.0-0.fdr.0.8.rc5.1 does not have a GPG signature. Aborting... Expected Results: A message stating that the appropriate GPG-keys for fedora.us and livna are missing. Additional info:
I traced the error reporting back to 'up2date.hasBadSignature'. I'm not sure that I understand the problem completely, but don't lines 313-314 of up2date.py wipe out all the work done in lines 304-311? Should 313 contain a test to assure the 'ret' is still '0' before forcing it to '1' in line 314.
Fedora Core 1 is maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thanks! NOTE: Fedora Core 1 is reaching the final end of support even by the Legacy project. After Fedora Core 6 Test 2 is released (currently scheduled for July 26th), there will be no more security updates for FC1. Please use these next two weeks to upgrade any remaining FC1 systems to a current release.
Closing per lack of response. Note that FC1 and FC2 are no longer supported even by Fedora Legacy. Please install a still supported version and retest. If this still occurs on FC3 or FC4 and is a security issue, please assign to that version and Fedora Legacy. Note that up2date is not present in FC5 or FC6, the only current non-Legacy Fedora Core releases. However, related bugs may occur in yum, pirut, or other updating mechanisms.