Red Hat Bugzilla – Bug 164200
rpm --import does not import fedora-extras key correctly.
Last modified: 2007-11-30 17:07:19 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312
Description of problem:
When trying to import the fedoras-extra key (Key ID 1ac70ce6), rpm --import
stores it with the wrong KeyID. This is a copy of the key downloaded from
the GPG key servers.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. gpg --recv-keys --keyserver hkp://subkeys.pgp.net 1ac70ce6
2. gpg --export --armour 1ac70ce6 > 1ac70ce6.asc
3. rpm --import 1ac70ce6.asc
Actual Results: rpm -q gpg-pubkey show this key now installed
Expected Results: It shoudl have been this key:
They key 7ad14380 is actually someone who signed the fedoras-extra key, thereby trusting it.
The rpm did not understand the difference between signing a key and the key itself.
It is known that rpm cannot deal with importing keys that are signed
See for example :
*** This bug has been marked as a duplicate of 90952 ***
Reopening this bug because I cannot reopen the other ticket, which I do not own. This has not been
fixed so it should not be closed. Closing it ignores the problem is not being addressed.
This problem is fixed (by computing the fingerprint id correctly for signed pubkeys) in rpm-4.4.2