Red Hat Bugzilla – Bug 160910
every update package is not GPG-signed
Last modified: 2007-11-30 17:11:08 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4
Description of problem:
When updating system using up2date GUI, before downloading every package, it warns that package is not GPG-signed.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. wait a day for new package being released
2. run up2date GUI as root
3. select all nesessary packages for installing
Actual Results: 4. before every package downloading you will be warned about the fact that the package is not GPG-signed, and do you want to proceed
Expected Results: 4. packages should be GPG-signed and up2date should recognize the signature
The warning message is wrong - the packages are GPG-signed, but you haven't
installed the corresponding GPG key so it can't be verified (for example, the
Fedora Extras key is numbered 1ac70ce6 which should appear in the warning message).
Your're right, "rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora" seems to fix
the problem. But I do not know why this is not done automatically.