Bug 132068 - krb5-libs-1.2.7-28.i386.rpm has unknown GPG signature
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: up2date
Version: 3.0
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Bret McMillan
QA Contact: Red Hat Satellite QA List
Reported: 2004-09-08 15:26 UTC by William D. Hamblen
Modified: 2007-11-30 22:07 UTC (History)
Doc Type: Bug Fix
Last Closed: 2007-10-19 19:19:01 UTC

Description William D. Hamblen 2004-09-08 15:26:39 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040626 Firefox/0.9.1

Description of problem:
# rpm -Kv krb5-libs-1.2.7-28.i386.rpm
krb5-libs-1.2.7-28.i386.rpm:
    Header V3 DSA signature: NOKEY, key ID fb01147f
    Header SHA1 digest: OK (ebf673a20f533caf0c559ed0ca3b353b8d7098ed)
    MD5 digest: OK (4d44ef774ee51de3aad9a90ef2cd9b83)
    V3 DSA signature: NOKEY, key ID fb01147f

Note, this is on an x86_64 platform but up2date apparently wishes to
install a set of i386 libraries.  Interestingly, this package does not
show up on the system's RHN page (actually both my x86_64 systems
behave identically).

Almost certainly unrelated, but maybe not - crash-3.8-3 does show up
as being outdated on RHN (the systems have crash-3.7-5) but it doesn't
come over when I run up2date.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Install RHEL WS 3.0 X86_64
2. Run up2date to get all updates
3. krb5-libs*.i386 has an invalid GPG sig
    

Additional info:

Comment 1 Adrian Likins 2004-09-08 23:00:19 UTC
Checking the krb5-libs-1.2.7-28.i386.rpm from the x86_64 rhel3
channel and it looks to be okay.

Are you behind a proxy that might be caching a corrupt
package?


Comment 2 William D. Hamblen 2004-09-09 21:07:52 UTC
Yes, we are behind a proxy.

So, the admin here cleared our proxy and I deleted the contents of
/var/spool/up2date on one of the affected machines.  Then I reran
up2date and got the same error about an invalid GPG sig.

Next I went to the channels page and manually downloaded the
krb5-libs-1.2.7-28.i386.rpm for x86_64 and moved it into
/var/spool/up2date.  Ran up2date and it worked fine.  The "new" rpm's
key looks like this which you can see is different than what I had
before.  

# rpm -Kv krb5-libs-1.2.7-28.i386.rpm
krb5-libs-1.2.7-28.i386.rpm:
    Header V3 DSA signature: OK, key ID db42a60e
    Header SHA1 digest: OK (543c1ebde3e8e0a806b4dfeb4d140f94e1799206)
    MD5 digest: OK (fc2b636ee9a926547fd3e5d2227cfcf3)
    V3 DSA signature: OK, key ID db42a60e

Is it possible that there is a bad version of the krb5 stuff floating
around on one of the servers there?  I've heard secondhand that
someone else had an invalid sig problem with krb5-devel (also from our
proxy).

I still have one machine that is unpatched if there is something you
want me to try.
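
The comparison made in Comment 2, as an added example (not part of the original thread and not Red Hat tooling): a shell script that parses two `rpm -Kv` reports and lists where they disagree. The two reports are the ones quoted in this bug; the function names `summarize_kv` and `compare_copies` are hypothetical.

```shell
#!/bin/sh
# rpm -Kv reports quoted in this bug: the copy fetched through the proxy,
# then the copy downloaded by hand from the channel page.
PROXY_COPY='krb5-libs-1.2.7-28.i386.rpm:
    Header V3 DSA signature: NOKEY, key ID fb01147f
    Header SHA1 digest: OK (ebf673a20f533caf0c559ed0ca3b353b8d7098ed)
    MD5 digest: OK (4d44ef774ee51de3aad9a90ef2cd9b83)
    V3 DSA signature: NOKEY, key ID fb01147f'
MANUAL_COPY='krb5-libs-1.2.7-28.i386.rpm:
    Header V3 DSA signature: OK, key ID db42a60e
    Header SHA1 digest: OK (543c1ebde3e8e0a806b4dfeb4d140f94e1799206)
    MD5 digest: OK (fc2b636ee9a926547fd3e5d2227cfcf3)
    V3 DSA signature: OK, key ID db42a60e'

# summarize_kv: read one rpm -Kv report on stdin and print
# "<signature status> <key ID> <header SHA1> <MD5>" ("-" if a field is absent).
summarize_kv() {
    awk '
        /signature:/ {
            st = $0; sub(/.*signature: */, "", st); sub(/,.*/, "", st)
            # Any non-OK signature line makes the whole report non-OK.
            if (status == "" || st != "OK") status = st
            # Header and payload signatures should name the same key.
            if (keyid == "") keyid = $NF; else if (keyid != $NF) keyid = "MIXED"
        }
        /SHA1 digest:/ { sha1 = $NF; gsub(/[()]/, "", sha1) }
        /MD5 digest:/  { md5 = $NF;  gsub(/[()]/, "", md5) }
        END {
            if (status == "") status = "-"; if (keyid == "") keyid = "-"
            if (sha1 == "") sha1 = "-";     if (md5 == "") md5 = "-"
            print status, keyid, sha1, md5
        }'
}

# compare_copies REPORT_A REPORT_B: print one finding per line and return 1
# unless both copies verify, share a signing key, and have equal digests.
compare_copies() {
    set -- $(printf '%s\n' "$1" | summarize_kv) $(printf '%s\n' "$2" | summarize_kv)
    rc=0
    # NOKEY means the signing key is not in the local rpm keyring,
    # so the signature could not be checked at all.
    [ "$1" = OK ] || { echo "copy A: signature $1 (key ID $2)"; rc=1; }
    [ "$5" = OK ] || { echo "copy B: signature $5 (key ID $6)"; rc=1; }
    [ "$2" = "$6" ] || { echo "signing key differs: $2 vs $6"; rc=1; }
    [ "$3" = "$7" ] && [ "$4" = "$8" ] || { echo "digests differ: not the same file"; rc=1; }
    return $rc
}

compare_copies "$PROXY_COPY" "$MANUAL_COPY" || echo "=> copies differ"
```
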



Comment 3 RHEL Program Management 2007-10-19 19:19:01 UTC
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet those criteria, it is now being closed.
 
For more information on the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

