Red Hat Bugzilla – Bug 120503
Some packages are signed with unknown GPG signatures
Last modified: 2007-11-30 17:10:40 EST
Description of problem: The following packages complain that "Package x is signed with an unknown GPG signature." It's only a handful of packages, most of them work. The ones that don't work so far: Canna ImageMajick apr beecrypt esound* file gdb libxml(-devel) libxml2 openssl* Version-Release number of selected component (if applicable): How reproducible: n/a Steps to Reproduce: 1. Upgrade from RH9 to FC2-test2 2. sudo up2date -u up2date 3. Run up2date-gnome from the RHN notifier applet Actual results: Several packages complain that "Package x is signed with an unknown GPG signature. Continue?" Expected results: All automated Additional info:
Not all packages in Fedora Core "development" tree are signed. Run "rpm -Kv" on a package file to see whether it is signed or not, e.g. this one is not signed: $ rpm -Kv a2ps-4.13b-37.i386.rpm a2ps-4.13b-37.i386.rpm: Header SHA1 digest: OK (fb065af05d8c75dbf1fce766697dd533251facbd) MD5 digest: OK (d569ee382daa9d0964397ab4822e66dd) The following is signed with 'RPM-GPG-KEY-fedora-test' key: $ rpm -Kv ImageMagick-5.5.7.15-1.3.i386.rpm ImageMagick-5.5.7.15-1.3.i386.rpm: Header V3 DSA signature: OK, key ID 30c9ecf8 Header SHA1 digest: OK (ae225423d46d14e42eeb3f3cfe77acd13a42546a) MD5 digest: OK (cac12eb3a66c5bcaea2f8c6dde517ff6) V3 DSA signature: OK, key ID 30c9ecf8
That's still the case with the latest binutils-2.15.90.0.3-1: # rpm -K /var/spool/up2date/binutils-2.15.90.0.3-1.i386.rpm /var/spool/up2date/binutils-2.15.90.0.3-1.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8) #
No, Dimitri: MISSING KEYS: GPG#30c9ecf8 You have not installed the key yet. See comment 1.
In reference to comment #3; 1. How/Where does one get the key (0x30C9ECF8) 2. How does one install it after one gets it? I installed test2 from scratch and have been unable to update anything! The few "instructions" that I have found concerning adding gpg-pubkey-... have not worked for anything I have tried yet. None of the docu (which I have looked at so far) has an example. Thanks in advance for further comments.
Note that FC1 and FC2 are no longer supported even by Fedora Legacy, and FC3 and FC4 are supported by Fedora Legacy only for security issues. Please retest this bug against a still supported version and retest. If this still occurs on FC3 or FC4 and is a security issue, please reopen the bug and assign it to that version and Fedora Legacy. If it occurs on RHEL, please change to that product and the appropriate version. Note that up2date has been replaced by pirut/pup for FC5 and FC6, the only fully-supported versions of Fedora Core. Please test pirut for software updates and file bugs as appropriate.