From Bugzilla Helper: User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312 Description of problem: When trying to import the fedoras-extra key (Key ID 1ac70ce6), rpm --import stores it with the wrong KeyID. This is a copy of the key downloaded from the GPG key servers. Version-Release number of selected component (if applicable): rpm-4.3.3-9_nonptl How reproducible: Always Steps to Reproduce: 1. gpg --recv-keys --keyserver hkp://subkeys.pgp.net 1ac70ce6 2. gpg --export --armour 1ac70ce6 > 1ac70ce6.asc 3. rpm --import 1ac70ce6.asc Actual Results: rpm -q gpg-pubkey show this key now installed gpg-pubkey-7ad14380-4245729a Expected Results: It shoudl have been this key: gpg-pubkey-1ac70ce6-41bebeef Additional info: They key 7ad14380 is actually someone who signed the fedoras-extra key, thereby trusting it. The rpm did not understand the difference between signing a key and the key itself.
It is known that rpm cannot deal with importing keys that are signed See for example : https://www.redhat.com/archives/fedora-test-list/2004-October/msg02767.html *** This bug has been marked as a duplicate of 90952 ***
Reopening this bug because I cannot reopen the other ticket, which I do not own. This has not been fixed so it should not be closed. Closing it ignores the problem is not being addressed.
This problem is fixed (by computing the fingerprint id correctly for signed pubkeys) in rpm-4.4.2 and later