+++ This bug was initially created as a clone of Bug #1099976 +++ Description of problem: Note this is when using the RHEL 7.1 preview packages from: https://www.redhat.com/archives/libguestfs/2014-May/msg00090.html It is NOT a bug in any released version of RHEL or libguestfs. $ virt-builder -l gpg: Signature made Sat 10 May 2014 12:39:51 BST using RSA key ID E1B768A0 gpg: Good signature from "Richard W.M. Jones <rjones>" gpg: aka "Richard W.M. Jones <rich>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: F777 4FB1 AD07 4A7E 8C87 67EA 9173 8F73 E1B7 68A0 centos-6 x86_64 CentOS 6.5 cirros-0.3.1 x86_64 CirrOS 0.3.1 debian-6 x86_64 Debian 6 (Squeeze) debian-7 x86_64 Debian 7 (Wheezy) fedora-18 x86_64 Fedora® 18 fedora-19 x86_64 Fedora® 19 fedora-20 x86_64 Fedora® 20 [etc] Why is the GPG warning printed? Version-Release number of selected component (if applicable): libguestfs-1.27.11-3.1.el7.x86_64 --- Additional comment from Pino Toscano on 2015-01-08 15:41:38 CET --- This also happens when using gnupg2 (i.e. `gpg2`) for virt-builder's --gpg. For example on a Fedora 20 box I get: $ virt-builder --gpg /usr/bin/gpg -l centos-6 x86_64 CentOS 6.6 centos-7.0 x86_64 CentOS 7.0 cirros-0.3.1 x86_64 CirrOS 0.3.1 debian-6 x86_64 Debian 6 (Squeeze) debian-7 x86_64 Debian 7 (Wheezy) fedora-18 x86_64 Fedora® 18 fedora-19 x86_64 Fedora® 19 fedora-20 x86_64 Fedora® 20 fedora-21 x86_64 Fedora® 21 Server scientificlinux-6 x86_64 Scientific Linux 6.5 ubuntu-10.04 x86_64 Ubuntu 10.04 (Lucid) ubuntu-12.04 x86_64 Ubuntu 12.04 (Precise) ubuntu-14.04 x86_64 Ubuntu 14.04 (Trusty) $ virt-builder --gpg /usr/bin/gpg2 -l gpg: Signature made Tue Dec 9 20:16:40 2014 CET using RSA key ID E1B768A0 gpg: Good signature from "Richard W.M. Jones <rjones>" [unknown] gpg: aka "Richard W.M. Jones <rich>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: F777 4FB1 AD07 4A7E 8C87 67EA 9173 8F73 E1B7 68A0 centos-6 x86_64 CentOS 6.6 centos-7.0 x86_64 CentOS 7.0 cirros-0.3.1 x86_64 CirrOS 0.3.1 debian-6 x86_64 Debian 6 (Squeeze) debian-7 x86_64 Debian 7 (Wheezy) fedora-18 x86_64 Fedora® 18 fedora-19 x86_64 Fedora® 19 fedora-20 x86_64 Fedora® 20 fedora-21 x86_64 Fedora® 21 Server scientificlinux-6 x86_64 Scientific Linux 6.5 ubuntu-10.04 x86_64 Ubuntu 10.04 (Lucid) ubuntu-12.04 x86_64 Ubuntu 12.04 (Precise) ubuntu-14.04 x86_64 Ubuntu 14.04 (Trusty)
Actually, even gnupg 1.x prints that, but it is sent to /dev/null when not verbose (because "-q --logger-file /dev/null" are passed as arguments to gpg). $ virt-builder --gpg /usr/bin/gpg -l -v command line: virt-builder --gpg /usr/bin/gpg -l -v virt-builder: trying to read [...]/libguestfs.conf virt-builder: ... read 1 sources /usr/bin/gpg --homedir /tmp/vb.gpghome.HHC2Cw --list-keys gpg: keyring `/tmp/vb.gpghome.HHC2Cw/pubring.gpg' created gpg: /tmp/vb.gpghome.HHC2Cw/trustdb.gpg: trustdb created /usr/bin/gpg --homedir /tmp/vb.gpghome.HHC2Cw --status-file '/tmp/vbstat7670fd.txt' --import '[...]/libguestfs.gpg' gpg: keyring `/tmp/vb.gpghome.HHC2Cw/secring.gpg' created gpg: key E1B768A0: public key "Richard W.M. Jones <rjones>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) [...] /usr/bin/gpg --homedir /tmp/vb.gpghome.HHC2Cw --verify --status-file '/tmp/vbstat47d902.txt' '/tmp/vbcache00e113.txt' gpg: Signature made Tue Dec 9 20:16:40 2014 CET using RSA key ID E1B768A0 gpg: Good signature from "Richard W.M. Jones <rjones>" gpg: aka "Richard W.M. Jones <rich>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: F777 4FB1 AD07 4A7E 8C87 67EA 9173 8F73 E1B7 68A0 [...]
This has been fixed with commits a1a165e3c43d7743aa48ca18a97540b726cb0bf3 6442bcb7eb13f0a91d9933ef5f3468ac950b7a7a 41df8a2c4605de019a01a004a83fbad3521f5423 which are in libguestfs >= 1.29.42.