Bug 160910 - every update package is not GPG-signed
Summary: every update package is not GPG-signed
Alias: None
Product: Fedora
Classification: Fedora
Component: up2date
Version: 4
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Adrian Likins
QA Contact: Fanny Augustin
Depends On:
TreeView+ depends on / blocked
Reported: 2005-06-18 11:48 UTC by Alexey Roytman
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2005-06-20 04:16:46 UTC

Attachments (Terms of Use)

Description Alexey Roytman 2005-06-18 11:48:53 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
When updating system using up2date GUI, before downloading every package, it warns that package is not GPG-signed.

Version-Release number of selected component (if applicable):
up2date-4.4.23-4, up2date-gnome-4.4.23-4

How reproducible:

Steps to Reproduce:
1. wait a day for new package being released
2. run up2date GUI as root
3. select all nesessary packages for installing

Actual Results:  4. before every package downloading you will be warned about the fact that the package is not GPG-signed, and do you want to proceed

Expected Results:  4. packages should be GPG-signed and up2date should recognize the signature

Additional info:

Comment 1 Andre Robatino 2005-06-18 23:32:34 UTC
  The warning message is wrong - the packages are GPG-signed, but you haven't
installed the corresponding GPG key so it can't be verified (for example, the
Fedora Extras key is numbered 1ac70ce6 which should appear in the warning message).

Comment 2 Alexey Roytman 2005-06-20 04:16:46 UTC
Your're right, "rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora" seems to fix
the problem. But I do not know why this is not done automatically.

Note You need to log in before you can comment on or make changes to this bug.