Bug 161040 - up2date does not check the gpg signature
up2date does not check the gpg signature
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: up2date (Show other bugs)
4
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Adrian Likins
Fanny Augustin
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-06-20 02:16 EDT by petrosyan
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-01-06 21:49:26 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description petrosyan 2005-06-20 02:16:20 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
up2date does not check the gpg signature.
for example the following freshrpms.repo file:
----------------------------------------------
[freshrpms]
name=freshrpms
baseurl=http://ayo.freshrpms.net/fedora/linux/4/$basearch/freshrpms
enabled=1
gpgcheck=1
gpgkey=http://freshrpms.net/RPM-GPG-KEY-freshrpms
----------------------------------------------
was put in /etc/yum.repos.d/ directory
after that trying to install any packages would give a GPG signature error.

Version-Release number of selected component (if applicable):
up2date-4.4.23-4

How reproducible:
Always

Steps to Reproduce:
1. install freshrpms.repo file into /etc/yum.repos.d/ folder
2. type 'up2date amule'

Actual Results:  see the following error message:
The package amule-2.0.1-1.2.fc4 is not signed with a GPG signature.  Aborting...Package amule-2.0.1-1.2.fc4 does not have a GPG signature.
 Aborting...


Expected Results:  there should be no error message since gpgkey was provided in the freshrpms.repo file.

Additional info:
Comment 1 P Fudd 2005-07-05 21:01:55 EDT
There's an option to up2date that says "don't install unsigned rpms":
 try 'up2date --nosig amule'.
Comment 2 P Fudd 2005-07-06 02:10:36 EDT
Also, perhaps the gpgkey needs to be loaded:
   rpm --import the.file-with_the=gpg.key
Comment 3 petrosyan 2005-07-06 02:14:06 EDT
I thought that up2date is supposed to load it automatically.
Comment 4 Glenn Story 2005-07-10 17:47:47 EDT
I am having the same problem.  This is on a fresh FC4 install.  I did the rpm
--inport.
Comment 5 petrosyan 2006-01-06 21:49:26 EST
this bug is not relevant anymore because Fedora Core 5 removed up2date

Note You need to log in before you can comment on or make changes to this bug.