Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1767317

Summary: GPG Verification of Fedora 31 download is not possible
Product: [Retired] Fedora Documentation Reporter: xwarman <xwarman>
Component: security-guideAssignee: Petr Bokoc <pbokoc>
Status: CLOSED NOTABUG QA Contact: Fedora Docs QA <docs-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: develCC: pkennedy, security-guide-list, sparks, zach
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-11-02 09:30:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description xwarman@posteo.de 2019-10-31 07:36:56 UTC 
Description of problem:
I tried to verify download of FEDORA 31 with GPG as described here: https://getfedora.org/security/ (German Version) 
If I download GPG Keys, Fedora 31 is not known:
"gpg: Schlüssel E08E7E629DB62FB1: "Fedora 28 (28) <fedora-28>" nicht geändert
gpg: Schlüssel A20AA56B429476B4: "Fedora 29 (29) <fedora-29>" nicht geändert
gpg: Schlüssel EF3C111FCFC659B9: "Fedora (30) <fedora-30-primary>" nicht geändert
gpg: Schlüssel 3B49DF2A0608B895: "EPEL (6) <epel>" nicht geändert
gpg: Schlüssel 6A2FAEA2352C64E5: "Fedora EPEL (7) <epel>" nicht geändert
gpg: Schlüssel 7BB90722DBBDCF7C: "Fedora (iot 2019) <fedora-iot-2019>" nicht geändert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 6" 

So, I cannot verify the checksum file:
gpg --verify-files Fedora-Workstation-31-1.9-x86_64-CHECKSUM 
gpg: Signatur vom Fr 25 Okt 2019 15:09:48 CEST
gpg:                mittels RSA-Schlüssel 50CB390B3C3359C4
gpg: Signatur kann nicht geprüft werden: Kein öffentlicher Schlüssel

Also, if I try to use fingerprint: 
gpg2 --fingerprint 4096R/3C3359C4 2019-02-18
gpg: error reading key: Kein öffentlicher Schlüssel

Actual results:
No pub key for fedora 31 download found. 

Expected results:
Successful verfification with gpg

Additional info:
German language version of documentation
Comment 1 Petr Bokoc 2019-11-01 09:46:53 UTC 
Hello, thank you for the report. I just tried (using the English instructions, but the German page shows the same commands), and I get an entry for Fedora 31 now. It's possible that the fedora.gpg file wasn't updated when you tried it; can you please run "curl https://getfedora.org/static/fedora.gpg | gpg --import" again and let me know if it works for you now?
Comment 2 xwarman@posteo.de 2019-11-02 09:30:01 UTC 
Hi @Petr Bokoc, 
many thanks. It seems, you was right. I was to fast. Keys has not been published, as I tried it. 
Now, everything is fine:

curl https://getfedora.org/static/fedora.gpg | gpg --import
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 10955  100 10955    0     0  10041      0  0:00:01  0:00:01 --:--:-- 10041
gpg: Schlüssel EF3C111FCFC659B9: "Fedora (30) <fedora-30-primary>" nicht geändert
gpg: Schlüssel 50CB390B3C3359C4: Öffentlicher Schlüssel "Fedora (31) <fedora-31-primary>" importiert
gpg: Schlüssel 6C13026D12C944D0: Öffentlicher Schlüssel "Fedora (32) <fedora-32-primary>" importiert
gpg: Schlüssel 3B49DF2A0608B895: "EPEL (6) <epel>" nicht geändert
gpg: Schlüssel 6A2FAEA2352C64E5: "Fedora EPEL (7) <epel>" nicht geändert
gpg: Schlüssel 21EA45AB2F86D6A1: Öffentlicher Schlüssel "Fedora EPEL (8) <epel>" importiert
gpg: Schlüssel 7BB90722DBBDCF7C: "Fedora (iot 2019) <fedora-iot-2019>" nicht geändert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 7
gpg:               importiert: 3
gpg:              unverändert: 4

Thank you!