Bug 140200 - yum attempts to gpgcheck a package that is unsigned
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: yum
3
athlon Linux
medium Severity medium
Assigned To: Jeremy Katz
Reported: 2004-11-20 17:05 EST by james
Modified: 2014-01-21 17:50 EST
Doc Type: Bug Fix
Last Closed: 2004-11-21 12:37:53 EST
Description james 2004-11-20 17:05:41 EST
From Bugzilla Helper:
User-Agent: Opera/7.54 (X11; Linux i686; U)  [en]

Description of problem:
If yum is configured with "gpgcheck=1" and then attempts to install 
or update a package that is unsigned, it fails with "unsigned package 
<path>".


Version-Release number of selected component (if applicable):
yum-2.1.11-4

How reproducible:
Always

Steps to Reproduce:
1. configure /etc/yum.conf with "gpgcheck=1"
2. yum update <some-unsigned-package>

Actual Results:  unsigned package <path>
yum dies

Expected Results:  yum should generate a warning about the package 
not being signed, but should continue.

yum should NEVER "bail", "punt", or "quit" because of a recoverable 
error or, especially, because of a warning condition.

Additional info:
Comment 1 Seth Vidal 2004-11-21 12:37:53 EST
1. yum doesn't die, it exits with an error message.
2. an unsigned package when gpgcheck=1 is an error. If it was not then
a person who broke into a repository could simply put an unsigned rpm
into the repository and 'boom' they own all those machines.

this is not a bug.
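
Added example, not part of the bug thread or of yum's own code: since an unsigned package is only rejected where gpgcheck is on, this sketch reports which repositories end up with the check disabled. It assumes a repo-level gpgcheck overrides [main] and that an unset value means disabled; the repo names and URLs are constructed.

```python
import configparser

# Constructed sample: yum.conf plus two repo definitions (not from the bug report).
SAMPLE = """
[main]
gpgcheck=1

[base]
name=Example base
baseurl=http://mirror.example.invalid/base/

[thirdparty]
name=Example third-party
baseurl=http://mirror.example.invalid/extras/
gpgcheck=0
"""

TRUE_VALUES = {"1", "yes", "true"}


def effective_gpgcheck(text, default_enabled=False):
    """Return {repo_id: bool} giving the gpgcheck value each repo ends up with.
    Assumption: a repo-level gpgcheck overrides [main], and a repo with no
    setting inherits [main]; default_enabled applies when neither sets it.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    main_value = default_enabled
    if cp.has_section("main") and cp.has_option("main", "gpgcheck"):
        main_value = cp.get("main", "gpgcheck").strip().lower() in TRUE_VALUES
    result = {}
    for section in cp.sections():
        if section == "main":
            continue
        if cp.has_option(section, "gpgcheck"):
            result[section] = cp.get(section, "gpgcheck").strip().lower() in TRUE_VALUES
        else:
            result[section] = main_value
    return result


def unverified_repos(text):
    """Repos whose packages would be installed without a signature check."""
    return sorted(r for r, on in effective_gpgcheck(text).items() if not on)


if __name__ == "__main__":
    for repo in unverified_repos(SAMPLE):
        print(f"gpgcheck disabled for repo: {repo}")
```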
