Red Hat Bugzilla – Bug 130590
unsigned package not re-fetched from file:// yum repo after signing
Last modified: 2007-11-30 17:10:47 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2)
Description of problem:
If up2date is asked to install a package from a local yum repository,
it will fetch the package and bail out if the package turns out to be
unsigned, leaving the unsigned package in /var/spool/up2date. If you
then sign the package in the repository and restart `up2date -i
package', it will NOT refetch the package, simply bailing out again
because the package in /var/spool/up2date is not signed correctly.
For packages downloaded from the network (generally incomplete
downloads), it will refetch. It would be nice if it would do the same
for packages fetched from file:// yum repos as well.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Create unsigned package in local (file://) yum repository
2.up2date -i package
3.Sign the package in the yum repository
4.up2date -i package again
Actual Results: Package will keep on failing signature verification
because it won't be refecthed
Expected Results: Should be refetched, IMHO
Removing the rpm from /var/spool/up2date is the obvious work around.
marking this as NOTABUG... regerenating the yum info
will force the package to download again (the timestamp
and contents of the header.info file is used to
invalidate the cache, instead of doing IF-Last-Modified
fetches on every header/package).
So, there is a easy workaround for this somewhat
rare case that I prefer over the other alternatives