Bug 161040 - up2date does not check the gpg signature
Summary: up2date does not check the gpg signature
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: up2date (Show other bugs)
(Show other bugs)
Version: 4
Hardware: i686 Linux
medium
medium
Target Milestone: ---
Assignee: Adrian Likins
QA Contact: Fanny Augustin
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-20 06:16 UTC by petrosyan
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-01-07 02:49:26 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description petrosyan 2005-06-20 06:16:20 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
up2date does not check the gpg signature.
for example the following freshrpms.repo file:
----------------------------------------------
[freshrpms]
name=freshrpms
baseurl=http://ayo.freshrpms.net/fedora/linux/4/$basearch/freshrpms
enabled=1
gpgcheck=1
gpgkey=http://freshrpms.net/RPM-GPG-KEY-freshrpms
----------------------------------------------
was put in /etc/yum.repos.d/ directory
after that trying to install any packages would give a GPG signature error.

Version-Release number of selected component (if applicable):
up2date-4.4.23-4

How reproducible:
Always

Steps to Reproduce:
1. install freshrpms.repo file into /etc/yum.repos.d/ folder
2. type 'up2date amule'

Actual Results:  see the following error message:
The package amule-2.0.1-1.2.fc4 is not signed with a GPG signature.  Aborting...Package amule-2.0.1-1.2.fc4 does not have a GPG signature.
 Aborting...


Expected Results:  there should be no error message since gpgkey was provided in the freshrpms.repo file.

Additional info:

Comment 1 P Fudd 2005-07-06 01:01:55 UTC
There's an option to up2date that says "don't install unsigned rpms":
 try 'up2date --nosig amule'.

Comment 2 P Fudd 2005-07-06 06:10:36 UTC
Also, perhaps the gpgkey needs to be loaded:
   rpm --import the.file-with_the=gpg.key


Comment 3 petrosyan 2005-07-06 06:14:06 UTC
I thought that up2date is supposed to load it automatically.

Comment 4 Glenn Story 2005-07-10 21:47:47 UTC
I am having the same problem.  This is on a fresh FC4 install.  I did the rpm
--inport.


Comment 5 petrosyan 2006-01-07 02:49:26 UTC
this bug is not relevant anymore because Fedora Core 5 removed up2date


Note You need to log in before you can comment on or make changes to this bug.