Red Hat Bugzilla – Bug 171570
Contradictory error message: "not signed with a GPG signature"
Last modified: 2007-11-30 17:11:15 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4
Description of problem:
While attempting to run up2date after having gone through an upgrade process from FC3 to FC4 via DVD, the following message is output by up2date:
Maelstrom-3.0.6-8.i386.rpm: ########################## Done.
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 1ac70ce6
The package Maelstrom-3.0.6-8 is not signed with a GPG signature. Aborting...
Package Maelstrom-3.0.6-8 does not have a GPG signature.
According to the error message the package is unsigned, however as shown by the warning line, the package IS signed, the key that signed the package is missing.
The text "is not signed with a GPG signature" and "does not have a GPG signature" needs to be removed and replaced with an accurate error message explaining that a signature is present, but signed with a key that is not (yet) recognised, and adding a note on where to find out the correct procedure for adding the key, which is apparently:
rpm --install ./RPM-GPG-KEY-fedora-extras
Version-Release number of selected component (if applicable):
Steps to Reproduce:
up2date was replaced by pirut and put (package pirut) as of FC5. Only FC5 and
FC6 are currently fully supported; FC3 and FC4 are supported for security fixes
only. If this bug occurs in FC3 or FC4 and is a security bug, please change the
product to Fedora Extras and the version to match. If you can verify that the
bug exists in RHEL as well, please change the product and version appropriately.
The codebase for pirut and pup is quite different, but if a similar bug exists
in pirut and pup in FC5 or FC6, please change the product to pirut and the
version appropriately and update the bug report.
We apologize that the bug was not fixed before now. The status will be changed
to NEEDINFO, and if the bug is not updated with evidence that it is a security
bug or a bug that affects RHEL, it will be closed.
Closing per previous message.