Red Hat Bugzilla – Bug 162547
up2date installs redhat key instead of fedora key
Last modified: 2007-11-30 17:11:09 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050328 Fedora/1.7.6-1.2.5
Description of problem:
I just installed Fedora Core 4, and on the first system update, up2date says 'bad signature' for every rpm it downloads.
Checking the key required versus the keys available in the database, I find that the key that was installed by up2date was RPM-GPG-KEY
(pub 1024D/DB42A60E 1999-09-23 Red Hat, Inc <email@example.com>)
and should have been RPM-GPG-KEY-fedora
(pub 1024D/4F2A6FD2 2003-10-27 Fedora Project <firstname.lastname@example.org>)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install fc4
2. Run up2date
Actual Results: up2date refused to install anything, due to bad gpg signatures.
Expected Results: up2date should have updated everything
Typing 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora' solved the problem.
I'd have rated this as a 'Low severity' bug, as I found an easy workaround, except that it's going to bite a lot of beginners, and we don't want that.
Instead of saying 'bad signature', perhaps it could say 'unrecognized signature'?
Also, if this is reproducible, the code in
/usr/share/rhn/up2date_client/gpgUtils.py lines 93-103 isn't working quite right.
up2date was replaced by pirut and put (package pirut) as of FC5. Only FC5 and
FC6 are currently fully supported; FC3 and FC4 are supported for security fixes
only. If this bug occurs in FC3 or FC4 and is a security bug, please change the
product to Fedora Extras and the version to match. If you can verify that the
bug exists in RHEL as well, please change the product and version appropriately.
The codebase for pirut and pup is quite different, but if a similar bug exists
in pirut and pup in FC5 or FC6, please change the product to pirut and the
version appropriately and update the bug report.
We apologize that the bug was not fixed before now. The status will be changed
to NEEDINFO, and if the bug is not updated with evidence that it is a security
bug or a bug that affects RHEL, it will be closed.
Closing per previous message.