Bug 121407 - Missing / unknown signatures interrupt update process
Summary: Missing / unknown signatures interrupt update process
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: up2date
Version: 2
Hardware: i686
OS: Linux
medium
low
Target Milestone: ---
Assignee: Adrian Likins
QA Contact: Fanny Augustin
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-04-21 07:46 UTC by Alexander Graef
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-04-22 19:42:32 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Alexander Graef 2004-04-21 07:46:58 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6)
Gecko/20040312 Epiphany/1.1.12

Description of problem:
While doing a whole bunch of updates via Up2date, he keeps asking me

Question
The package xy-0 is signed with an unknown GPG signature. Continue?

after every download. If I would not like to continue with download,
would I have selected all those packages, and clicked "Update"? There
is also no checkbox like "Never ask again". It would make more sense,
to keep downloading all packages I have selected, and after that, ask
in a dialog, that would allow to select multiple packages, instead of
asking for every package between their downloads. This is especially
annoying, if one wants to let Up2date download all packages in the
night, and when he gets back, he sees that only one package was
successfuly downloaded. Also, all packages can be downloaded, an
unknown signature is no special error, but only a warning. One could
let Up2date download all packages, interrupt the update after that,
and install a signature file. In any case, the download wouldnt be
interrupted.

Version-Release number of selected component (if applicable):
up2date-4.3.11-2.1.1

How reproducible:
Always

Steps to Reproduce:
1. Open Up2date
2. Select packages for which the signature is unknown
(this could also be accomplished by removing the signature from the
computer, so that Up2date cannot verify the packages)
    

Actual Results:  He keeps annoying me with a dialog every minute,
asking me this:

Question
The package xy-0 is signed with an unknown GPG signature. Continue?

Expected Results:  Downloading all packages as I intended, and after
that, asking me if I want to install those (maybe selection box), or
abort the process.

Additional info:

Question
The package xy-0 is signed with an unknown GPG signature. Continue?

Comment 1 Adrian Likins 2004-04-22 19:42:32 UTC
You need to import the GPG key into rpm's keyring:

rpm --import /path/to/keyringfile

or you can diable sig checking on the commandline with
--nosig

or set the useGPG config option to 0 in /etc/sysconfig/rhn/up2date


Note You need to log in before you can comment on or make changes to this bug.