This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 200739 - rpm --import of a keyfile with signatures results in bad gpg-pubkey database entry
rpm --import of a keyfile with signatures results in bad gpg-pubkey database ...
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: rpm (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Paul Nasrat
Depends On:
  Show dependency treegraph
Reported: 2006-07-31 10:04 EDT by Bastien Nocera
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHBA-2007-0315
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-05-01 18:53:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bastien Nocera 2006-07-31 10:04:43 EDT
+++ This bug was initially created as a clone of Bug #90952 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
Certain GPG public keys are not imported correctly by RPM. The resulting RPM
database entries contain an incorrect version tag.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. gpg --recv-keys 54A2ACF1
2. gpg --export -a 54A2ACF1 > key.txt
3. rpm --import key.txt
4. rpm -q gpg-pubkey --last | head -1

Why does it get named 55f3aa6f?

  # rpm -qi gpg-pubkey-55f3aa6f | gpg 
  pub  1024D/54A2ACF1 --snip--
  sub  2048g/4AD75982 2002-11-25  [expires: 2007-11-24]

Actual Results:  gpg-pubkey-55f3aa6f-3e30940d                  Thu 15 May 2003
20:40:10 CEST

ASCII-armored key was parsed incorrectly, resulting in wrong key id.

Expected Results:  gpg-pubkey-54a2acf1-3e30940d                  Thu 15 May 2003
20:40:10 CEST

Additional info:
Comment 1 Bastien Nocera 2006-07-31 10:09:10 EDT
$ rpm -q rpm
$ gpg --keyserver --recv-keys 30c9ecf8
gpg: key 30C9ECF8: "Fedora Project (Test Software) <>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
$ gpg --export -a 30c9ecf8 > key7.txt
$ gpg key7.txt
pub  1024D/30C9ECF8 2003-10-27 Fedora Project (Test Software) <>
$ sudo rpm --import key7.txt
$ rpm -q gpg-pubkey --last | head -1
gpg-pubkey-5a2457cf-429f0aee                  Sat 22 Jul 2006 10:40:40 AM EDT
$ rpm -qi gpg-pubkey-5a2457cf-429f0aee > foo.txt
$ gpg foo.txt
pub  1024D/30C9ECF8 2003-10-27 Fedora Project (Test Software) <>

So it's just the package name that's wrong, the data is still right though.
Comment 2 Jeff Johnson 2006-08-05 03:56:45 EDT
rpm-4.4.2 and later calculate the fingerprint correctly, rather than relying on
field within the pubkey for the fingerprint.

Either use gpg to edit the pubkey packets before importing, or upgrade/backport the changes in 
Comment 3 RHEL Product and Program Management 2006-08-18 10:55:36 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
Comment 10 Red Hat Bugzilla 2007-05-01 18:53:30 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.