Red Hat Bugzilla – Bug 120503
Some packages are signed with unknown GPG signatures
Last modified: 2007-11-30 17:10:40 EST
Description of problem:
The following packages complain that "Package x is signed with an
unknown GPG signature." It's only a handful of packages, most of them
work. The ones that don't work so far:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Upgrade from RH9 to FC2-test2
2. sudo up2date -u up2date
3. Run up2date-gnome from the RHN notifier applet
Several packages complain that "Package x is signed with an unknown
GPG signature. Continue?"
Not all packages in Fedora Core "development" tree are signed. Run
"rpm -Kv" on a package file to see whether it is signed or not, e.g.
this one is not signed:
$ rpm -Kv a2ps-4.13b-37.i386.rpm
Header SHA1 digest: OK (fb065af05d8c75dbf1fce766697dd533251facbd)
MD5 digest: OK (d569ee382daa9d0964397ab4822e66dd)
The following is signed with 'RPM-GPG-KEY-fedora-test' key:
$ rpm -Kv ImageMagick-184.108.40.206-1.3.i386.rpm
Header V3 DSA signature: OK, key ID 30c9ecf8
Header SHA1 digest: OK (ae225423d46d14e42eeb3f3cfe77acd13a42546a)
MD5 digest: OK (cac12eb3a66c5bcaea2f8c6dde517ff6)
V3 DSA signature: OK, key ID 30c9ecf8
That's still the case with the latest binutils-220.127.116.11.3-1:
# rpm -K /var/spool/up2date/binutils-18.104.22.168.3-1.i386.rpm
/var/spool/up2date/binutils-22.214.171.124.3-1.i386.rpm: (SHA1) DSA sha1
md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8)
MISSING KEYS: GPG#30c9ecf8
You have not installed the key yet. See comment 1.
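The three "rpm -K" results quoted in the comments above (unsigned, signed and verified, signed with a missing key) can be told apart mechanically. The shell function below is an added example, not part of the original bug comments or of rpm or up2date; the name classify_rpm_check and its output labels are assumptions made for illustration, and it recognises only the output forms shown on this page.

```shell
#!/bin/sh
# Added example: classify `rpm -K` / `rpm -Kv` output read from stdin.
# Prints one of (labels are this example's own, not rpm's):
#   missing-key <keyid>  signed, but that public key is not in the rpm keyring
#   bad                  a digest or signature failed verification
#   signed <keyid>       signature verified against an imported key
#   unsigned             digests only, no signature in the package
#   unknown              output not recognised
classify_rpm_check() {
    out=$(cat)
    # Failure form from the page: "NOT OK (MISSING KEYS: GPG#30c9ecf8)"
    keyid=$(printf '%s\n' "$out" |
        sed -n 's/.*MISSING KEYS:[^#]*#\([0-9A-Fa-f]\{8,16\}\).*/\1/p' | head -n 1)
    if [ -n "$keyid" ]; then
        echo "missing-key $keyid"
    elif printf '%s\n' "$out" | grep -q 'NOT OK'; then
        echo "bad"
    elif printf '%s\n' "$out" | grep -q 'signature: OK, key ID'; then
        keyid=$(printf '%s\n' "$out" |
            sed -n 's/.*signature: OK, key ID \([0-9A-Fa-f]\{8,16\}\).*/\1/p' | head -n 1)
        echo "signed $keyid"
    elif printf '%s\n' "$out" | grep -q 'digest: OK'; then
        echo "unsigned"
    else
        echo "unknown"
    fi
}

# Sample inputs: the outputs quoted in the bug comments on this page.
UNSIGNED='Header SHA1 digest: OK (fb065af05d8c75dbf1fce766697dd533251facbd)
MD5 digest: OK (d569ee382daa9d0964397ab4822e66dd)'
SIGNED='Header V3 DSA signature: OK, key ID 30c9ecf8
Header SHA1 digest: OK (ae225423d46d14e42eeb3f3cfe77acd13a42546a)
MD5 digest: OK (cac12eb3a66c5bcaea2f8c6dde517ff6)
V3 DSA signature: OK, key ID 30c9ecf8'
MISSING='md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8)
MISSING KEYS: GPG#30c9ecf8'

# Demo: prints "unsigned", "signed 30c9ecf8", "missing-key 30c9ecf8".
for sample in "$UNSIGNED" "$SIGNED" "$MISSING"; do
    printf '%s\n' "$sample" | classify_rpm_check
done
```

On a real package, run it as "rpm -Kv package.rpm 2>&1 | classify_rpm_check"; a missing-key result names the key ID whose public key has to be in the rpm keyring before the signature can be verified.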
In reference to comment #3:
1. How/Where does one get the key (0x30C9ECF8)?
2. How does one install it after one gets it?
I installed test2 from scratch and have been unable to update
anything! The few "instructions" that I have found concerning adding
gpg-pubkey-... have not worked for anything I have tried yet.
None of the documentation (which I have looked at so far) has an example.
Thanks in advance for further comments.
Note that FC1 and FC2 are no longer supported even by Fedora Legacy, and FC3 and
FC4 are supported by Fedora Legacy only for security issues. Please retest this
bug against a still supported version and retest. If this still occurs on FC3
or FC4 and is a security issue, please reopen the bug and assign it to that
version and Fedora Legacy. If it occurs on RHEL, please change to that product
and the appropriate version.
Note that up2date has been replaced by pirut/pup for FC5 and FC6, the only
fully-supported versions of Fedora Core. Please test pirut for software updates
and file bugs as appropriate.