Bug 121407 - Missing / unknown signatures interrupt update process
Product: Fedora
Classification: Fedora
Component: up2date
i686 Linux
medium Severity low
Assigned To: Adrian Likins
Fanny Augustin
Reported: 2004-04-21 03:46 EDT by Alexander Graef
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2004-04-22 15:42:32 EDT
Description Alexander Graef 2004-04-21 03:46:58 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6)
Gecko/20040312 Epiphany/1.1.12

Description of problem:
While doing a whole bunch of updates via Up2date, it keeps asking me

The package xy-0 is signed with an unknown GPG signature. Continue?

after every download. If I would not like to continue with download,
would I have selected all those packages, and clicked "Update"? There
is also no checkbox like "Never ask again". It would make more sense,
to keep downloading all packages I have selected, and after that, ask
in a dialog, that would allow to select multiple packages, instead of
asking for every package between their downloads. This is especially
annoying, if one wants to let Up2date download all packages in the
night, and when he gets back, he sees that only one package was
successfully downloaded. Also, all packages can be downloaded, an
unknown signature is no special error, but only a warning. One could
let Up2date download all packages, interrupt the update after that,
and install a signature file. In any case, the download wouldn't be

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Open Up2date
2. Select packages for which the signature is unknown
(this could also be accomplished by removing the signature from the
computer, so that Up2date cannot verify the packages)

Actual Results:  It keeps annoying me with a dialog every minute,
asking me this:

The package xy-0 is signed with an unknown GPG signature. Continue?

Expected Results:  Downloading all packages as I intended, and after
that, asking me if I want to install those (maybe selection box), or
abort the process.

Additional info:

The package xy-0 is signed with an unknown GPG signature. Continue?
Comment 1 Adrian Likins 2004-04-22 15:42:32 EDT
You need to import the GPG key into rpm's keyring:

rpm --import /path/to/keyringfile

or you can disable sig checking on the commandline with

or set the useGPG config option to 0 in /etc/sysconfig/rhn/up2date
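
An added example, not part of the bug thread or of up2date itself: a one-pass check that lists every downloaded package signed with a key missing from rpm's keyring, plus an audit for a config that has signature checking switched off via useGPG. It assumes the per-package layout printed by `rpm -Kv` (a "name.rpm:" line followed by indented result lines carrying NOKEY and a key ID); the function names, package names and key IDs are constructed for illustration.

```shell
#!/bin/sh
# Input for unknown_keys is the text printed by `rpm -Kv *.rpm` (assumed layout).

# Print "package keyid" once for each package/key pair reported as NOKEY,
# i.e. the public key is not in rpm's keyring and should be reviewed/imported.
unknown_keys() {
    awk '
        /^[^ \t].*:$/ { pkg = $0; sub(/:$/, "", pkg); next }  # "name.rpm:" line
        /NOKEY/ && match($0, /key ID [0-9a-fA-F]+/) {
            id = substr($0, RSTART + 7, RLENGTH - 7)          # drop "key ID "
            if (!seen[pkg, id]++) print pkg, id
        }
    '
}

# Read an up2date config on stdin; exit 0 if GPG checking is disabled.
# The "useGPG[comment]=..." description line is deliberately not matched.
gpg_check_disabled() {
    grep -Eq '^[[:space:]]*useGPG[[:space:]]*=[[:space:]]*0[[:space:]]*$'
}

# Constructed sample of `rpm -Kv` output (package names and key IDs are made up).
sample_rpm_kv() {
cat <<'EOF'
xy-0.i386.rpm:
    Header V3 DSA signature: NOKEY, key ID 0a1b2c3d
    Header SHA1 digest: OK (constructed)
    MD5 digest: OK (constructed)
    V3 DSA signature: NOKEY, key ID 0a1b2c3d
ab-1.i386.rpm:
    Header V3 DSA signature: OK, key ID 4f5e6d7c
    V3 DSA signature: OK, key ID 4f5e6d7c
EOF
}

echo "Packages signed with keys missing from the rpm keyring:"
sample_rpm_kv | unknown_keys

# Constructed config fragment with checking turned off.
if printf 'useGPG[comment]=Use GPG to verify package integrity\nuseGPG=0\n' \
        | gpg_check_disabled; then
    echo "WARNING: useGPG=0, package signatures are not being verified"
fi
```

On a real system the inputs would be `rpm -Kv *.rpm | unknown_keys` in the download directory and `gpg_check_disabled < /etc/sysconfig/rhn/up2date`.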
