Bug 164200 - rpm --import does not import fedora-extras key correctly.
rpm --import does not import fedora-extras key correctly.
Status: CLOSED UPSTREAM
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: rpm (Show other bugs)
4.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Paul Nasrat
Mike McLean
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-25 17:25 EDT by Jim Pirzyk
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-10-25 19:33:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jim Pirzyk 2005-07-25 17:25:55 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312

Description of problem:
When trying to import the fedoras-extra key (Key ID 1ac70ce6), rpm --import
stores it with the wrong KeyID.  This is a copy of the key downloaded from
the GPG key servers.

Version-Release number of selected component (if applicable):
rpm-4.3.3-9_nonptl

How reproducible:
Always

Steps to Reproduce:
1. gpg --recv-keys --keyserver hkp://subkeys.pgp.net 1ac70ce6
2. gpg --export --armour 1ac70ce6 > 1ac70ce6.asc
3. rpm --import 1ac70ce6.asc
  

Actual Results:  rpm -q gpg-pubkey  show this key now installed

gpg-pubkey-7ad14380-4245729a


Expected Results:  It shoudl have been this key:

gpg-pubkey-1ac70ce6-41bebeef


Additional info:

They key 7ad14380 is actually someone who signed the fedoras-extra key, thereby trusting it.
The rpm did not understand the difference between signing a key and the key itself.
Comment 1 Mark J. Cox (Product Security) 2005-07-29 06:43:09 EDT
It is known that rpm cannot deal with importing keys that are signed
See for example :
https://www.redhat.com/archives/fedora-test-list/2004-October/msg02767.html

*** This bug has been marked as a duplicate of 90952 ***
Comment 2 Jim Pirzyk 2005-07-29 07:53:52 EDT
Reopening this bug because I cannot reopen the other ticket, which I do not own.  This has not been 
fixed so it should not be closed.  Closing it ignores the problem is not being addressed.
Comment 3 Jeff Johnson 2005-10-25 19:33:51 EDT
This problem is fixed (by computing the fingerprint id correctly for signed pubkeys) in rpm-4.4.2
and later

Note You need to log in before you can comment on or make changes to this bug.