Bug 200739 - rpm --import of a keyfile with signatures results in bad gpg-pubkey database entry
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: rpm
Version: 4.0
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Paul Nasrat
Reported: 2006-07-31 10:04 EDT by Bastien Nocera
Modified: 2007-11-30 17:07 EST
Fixed In Version: RHBA-2007-0315
Doc Type: Bug Fix
Last Closed: 2007-05-01 18:53:30 EDT
Description Bastien Nocera 2006-07-31 10:04:43 EDT
+++ This bug was initially created as a clone of Bug #90952 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
Certain GPG public keys are not imported correctly by RPM. The resulting RPM
database entries contain an incorrect version tag.

Version-Release number of selected component (if applicable):
rpm-4.2-0.69

How reproducible:
Always

Steps to Reproduce:
1. gpg --recv-keys 54A2ACF1
2. gpg --export -a 54A2ACF1 > key.txt
3. rpm --import key.txt
4. rpm -q gpg-pubkey --last | head -1
  

Why does it get named 55f3aa6f?

  # rpm -qi gpg-pubkey-55f3aa6f | gpg 
  pub  1024D/54A2ACF1 --snip--
  sub  2048g/4AD75982 2002-11-25  [expires: 2007-11-24]


Actual Results:  gpg-pubkey-55f3aa6f-3e30940d                  Thu 15 May 2003 20:40:10 CEST

ASCII-armored key was parsed incorrectly, resulting in wrong key id.

Expected Results:  gpg-pubkey-54a2acf1-3e30940d                  Thu 15 May 2003 20:40:10 CEST


Additional info:

http://www.fedora.us/pipermail/fedora-devel/2003-May/001291.html
https://www.redhat.com/mailman/private/rpm-list/2003-May/msg00279.html
https://www.redhat.com/archives/redhat-list-de/2003-May/msg00113.html
http://groups.google.de/groups?ie=UTF-8&oe=UTF-8&as_umsgid=69f31d11.0303081433.e105922%40posting.google.com&lr=&hl=de
Comment 1 Bastien Nocera 2006-07-31 10:09:10 EDT
$ rpm -q rpm
rpm-4.3.3-13_nonptl
$ gpg --keyserver pgp.mit.edu --recv-keys 30c9ecf8
gpg: key 30C9ECF8: "Fedora Project (Test Software) <rawhide@redhat.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
$ gpg --export -a 30c9ecf8 > key7.txt
$ gpg key7.txt
pub  1024D/30C9ECF8 2003-10-27 Fedora Project (Test Software) <rawhide@redhat.com>
$ sudo rpm --import key7.txt
Password:
$ rpm -q gpg-pubkey --last | head -1
gpg-pubkey-5a2457cf-429f0aee                  Sat 22 Jul 2006 10:40:40 AM EDT
$ rpm -qi gpg-pubkey-5a2457cf-429f0aee > foo.txt
$ gpg foo.txt
pub  1024D/30C9ECF8 2003-10-27 Fedora Project (Test Software) <rawhide@redhat.com>

So it's just the package name that's wrong, the data is still right though.
Comment 2 Jeff Johnson 2006-08-05 03:56:45 EDT
rpm-4.4.2 and later calculate the fingerprint correctly, rather than relying on
a field within the pubkey for the fingerprint.

Either use gpg to edit the pubkey packets before importing, or upgrade/backport
the changes in rpm-4.4.2.
Comment 3 RHEL Product and Program Management 2006-08-18 10:55:36 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 10 Red Hat Bugzilla 2007-05-01 18:53:30 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0315.html
