1400004 – apper failure with multiline GPG keys

Bug 1400004 - apper failure with multiline GPG keys

Summary: apper failure with multiline GPG keys

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	apper
Sub Component:
Version:	25
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Rex Dieter
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-11-30 09:23 UTC by Nick Cross
Modified:	2017-12-12 10:08 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-12-12 10:08:25 UTC
Type:	Bug
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Nick Cross 2016-11-30 09:23:41 UTC

I have installed the SpiderOak ONE RPM. While on Fedora 24 this presented no problems on 25 I then get an error when running apper "check for updates":

"The package that is being modified was not found on your system or in any software origin"

This is a bit obscure. The details window gives:

Curl error (37): Couldn't read a file:// file for file:///etc/pki/rpm-gpg/RPM-GPG-KEY-spideroak-2011;file:///etc/pki/rpm-gpg/RPM-GPG-KEY-spideroak-2015 [Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-spideroak-2011;file:///etc/pki/rpm-gpg/RPM-GPG-KEY-spideroak-2015]


The SpiderOak rpm repo has

[spideroak-one-stable]
name=SpiderOakONE Stable Distribution
baseurl=http://apt.spideroak.com/spideroak_one_rpm/stable
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-spideroak-2011
 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-spideroak-2015
enablegroups=0


Interestingly running "dnf update --refresh" does not show any issue.

I have tested this on a fresh F25 KDE ISO installed to a VM.

Comment 1 Rex Dieter 2016-11-30 13:23:37 UTC

I wasn't even aware that including multiple keys via gpgkey= was possible, interesting.

Comment 2 Rex Dieter 2016-11-30 13:25:07 UTC

Confirmed here,
https://linux.die.net/man/5/yum.conf

gpgkey A URL pointing to the ASCII-armored GPG key file for the repository. This option is used if yum needs a public key to verify a package and the required key hasn't been imported into the RPM database. If this option is set, yum will automatically import the key from the specified URL. You will be prompted before the key is installed unless the assumeyes option is set.

Multiple URLs may be specified here in the same manner as the baseurl option (above). If a GPG key is required to install a package from a repository, all keys specified for that repository will be installed.

Comment 3 Nick Cross 2016-12-22 16:42:51 UTC

@Rex - this worked in F24 and somehow broke in F25.

Comment 4 Rex Dieter 2016-12-22 17:05:21 UTC

Ah, sorry, I missed that detail. thanks.

Comment 5 Fedora End Of Life 2017-12-12 10:08:25 UTC

Fedora 25 changed to end-of-life (EOL) status on 2017-12-12. Fedora 25 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.