Bug 121407 - Missing / unknown signatures interrupt update process
Summary: Missing / unknown signatures interrupt update process
Alias: None
Product: Fedora
Classification: Fedora
Component: up2date   
(Show other bugs)
Version: 2
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Adrian Likins
QA Contact: Fanny Augustin
Depends On:
TreeView+ depends on / blocked
Reported: 2004-04-21 07:46 UTC by Alexander Graef
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-04-22 19:42:32 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Alexander Graef 2004-04-21 07:46:58 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6)
Gecko/20040312 Epiphany/1.1.12

Description of problem:
While doing a whole bunch of updates via Up2date, he keeps asking me

The package xy-0 is signed with an unknown GPG signature. Continue?

after every download. If I would not like to continue with download,
would I have selected all those packages, and clicked "Update"? There
is also no checkbox like "Never ask again". It would make more sense,
to keep downloading all packages I have selected, and after that, ask
in a dialog, that would allow to select multiple packages, instead of
asking for every package between their downloads. This is especially
annoying, if one wants to let Up2date download all packages in the
night, and when he gets back, he sees that only one package was
successfuly downloaded. Also, all packages can be downloaded, an
unknown signature is no special error, but only a warning. One could
let Up2date download all packages, interrupt the update after that,
and install a signature file. In any case, the download wouldnt be

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Open Up2date
2. Select packages for which the signature is unknown
(this could also be accomplished by removing the signature from the
computer, so that Up2date cannot verify the packages)

Actual Results:  He keeps annoying me with a dialog every minute,
asking me this:

The package xy-0 is signed with an unknown GPG signature. Continue?

Expected Results:  Downloading all packages as I intended, and after
that, asking me if I want to install those (maybe selection box), or
abort the process.

Additional info:

The package xy-0 is signed with an unknown GPG signature. Continue?

Comment 1 Adrian Likins 2004-04-22 19:42:32 UTC
You need to import the GPG key into rpm's keyring:

rpm --import /path/to/keyringfile

or you can diable sig checking on the commandline with

or set the useGPG config option to 0 in /etc/sysconfig/rhn/up2date

Note You need to log in before you can comment on or make changes to this bug.