Bug 111210 - up2date reports "package not signed" where gpg-key needs to be imported
up2date reports "package not signed" where gpg-key needs to be imported
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: up2date (Show other bugs)
1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bret McMillan
Fanny Augustin
:
Depends On:
Blocks: 124619
  Show dependency treegraph
 
Reported: 2003-11-30 00:13 EST by A.J. Bonnema
Modified: 2007-11-30 17:10 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-28 15:22:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description A.J. Bonnema 2003-11-30 00:13:22 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
Having added fedora.us and rpm.livna.org I had neglected to import the
gpg-keys using "rpm --import http://etc". In stead of a message to
indicate the keys needed to be imported, I got the following message
in response to the command "up2date mplayer":

"
Testing package set / solving RPM inter-dependencies...
########################################
mplayer-0.92-0.lvn.1.1.i386 ########################## Done.         
         
aalib-1.4.0-0.fdr.0.8.rc5.1 ########################## Done.         
         
The package aalib-1.4.0-0.fdr.0.8.rc5.1 is not signed with a GPG
signature.  Aborting...
Package aalib-1.4.0-0.fdr.0.8.rc5.1 does not have a GPG signature.
 Aborting...
"

The message indicates that the package aalib is not signed. After the
appropriate rpm --import commands for livna and fedora.us, the
packages were successfully downloaded and installed by up2date.

The message seems inappriopriate for the problem. Expected was
something like:

"The GPG-keys for fedora and livna are missing."




Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. add fedora.us and livna to repositories
2. neglect to import gpg-keys
3. up2date mplayer
    

Actual Results:  Testing package set / solving RPM inter-dependencies...
########################################
mplayer-0.92-0.lvn.1.1.i386 ########################## Done.         
         
aalib-1.4.0-0.fdr.0.8.rc5.1 ########################## Done.         
         
The package aalib-1.4.0-0.fdr.0.8.rc5.1 is not signed with a GPG
signature.  Aborting...
Package aalib-1.4.0-0.fdr.0.8.rc5.1 does not have a GPG signature.
 Aborting...


Expected Results:  A message stating that the appropriate GPG-keys for
fedora.us and livna are missing.

Additional info:
Comment 1 Max TenEyck Woodbury 2005-09-17 07:04:28 EDT
I traced the error reporting back to 'up2date.hasBadSignature'.  I'm not sure
that I understand the problem completely, but don't lines 313-314 of up2date.py
wipe out all the work done in lines 304-311?  Should 313 contain a test to assure
the 'ret' is still '0' before forcing it to '1' in line 314.
Comment 2 Matthew Miller 2006-07-11 13:49:14 EDT
Fedora Core 1 is maintained by the Fedora Legacy project for security updates
only. If this problem is a security issue, please reopen and reassign to the
Fedora Legacy product. If it is not a security issue and hasn't been resolved in
the current FC5 updates or in the FC6 test release, reopen and change the
version to match.

Thanks!

NOTE: Fedora Core 1 is reaching the final end of support even by the Legacy
project. After Fedora Core 6 Test 2 is released (currently scheduled for July
26th), there will be no more security updates for FC1. Please use these next two
weeks to upgrade any remaining FC1 systems to a current release.

Comment 3 John Thacker 2006-10-28 15:22:14 EDT
Closing per lack of response.  Note that FC1 and FC2 are no longer
supported even by Fedora Legacy.  Please install a still supported
version and retest.  If this still occurs on FC3 or FC4 and is a
security issue, please assign to that version and Fedora Legacy.

Note that up2date is not present in FC5 or FC6, the only current non-Legacy
Fedora Core releases.  However, related bugs may occur in yum, pirut, or other
updating mechanisms.

Note You need to log in before you can comment on or make changes to this bug.