162547 – up2date installs redhat key instead of fedora key

Bug 162547 - up2date installs redhat key instead of fedora key

Summary: up2date installs redhat key instead of fedora key

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	up2date
Sub Component:
Version:	4
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Bret McMillan
QA Contact:	Fanny Augustin
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-07-06 06:08 UTC by P Fudd
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-11-05 16:31:10 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description P Fudd 2005-07-06 06:08:16 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050328 Fedora/1.7.6-1.2.5

Description of problem:
I just installed Fedora Core 4, and on the first system update, up2date says 'bad signature' for every rpm it downloads.

Checking the key required versus the keys available in the database, I find that the key that was installed by up2date was RPM-GPG-KEY
(pub  1024D/DB42A60E 1999-09-23 Red Hat, Inc <security>)

and should have been RPM-GPG-KEY-fedora
(pub  1024D/4F2A6FD2 2003-10-27 Fedora Project <fedora>)



Version-Release number of selected component (if applicable):
up2date-4.4.23-4

How reproducible:
Always

Steps to Reproduce:
1. Install fc4
2. Run up2date
3. 
  

Actual Results:  up2date refused to install anything, due to bad gpg signatures.

Expected Results:  up2date should have updated everything

Additional info:

Typing 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora' solved the problem.

I'd have rated this as a 'Low severity' bug, as I found an easy workaround, except that it's going to bite a lot of beginners, and we don't want that.

Comment 1 P Fudd 2005-07-12 06:29:43 UTC

Instead of saying 'bad signature', perhaps it could say 'unrecognized signature'?

Also, if this is reproducible, the code in
/usr/share/rhn/up2date_client/gpgUtils.py lines 93-103 isn't working quite right.

Comment 2 John Thacker 2006-10-29 20:29:57 UTC

up2date was replaced by pirut and put (package pirut) as of FC5.  Only FC5 and
FC6 are currently fully supported; FC3 and FC4 are supported for security fixes
only.  If this bug occurs in FC3 or FC4 and is a security bug, please change the
product to Fedora Extras and the version to match.  If you can verify that the
bug exists in RHEL as well, please change the product and version appropriately.

The codebase for pirut and pup is quite different, but if a similar bug exists
in pirut and pup in FC5 or FC6, please change the product to pirut and the
version appropriately and update the bug report.

We apologize that the bug was not fixed before now.  The status will be changed
to NEEDINFO, and if the bug is not updated with evidence that it is a security
bug or a bug that affects RHEL, it will be closed.

Comment 3 John Thacker 2006-11-05 16:31:10 UTC

Closing per previous message.

Note You need to log in before you can comment on or make changes to this bug.