Bug 242336 - tkcvs yum update fails because of missing GPG signature
Summary: tkcvs yum update fails because of missing GPG signature
Alias: None
Product: Fedora
Classification: Fedora
Component: tkcvs (Show other bugs)
(Show other bugs)
Version: 7
Hardware: All Linux
Target Milestone: ---
Assignee: Gérard Milmeister
QA Contact: Fedora Extras Quality Assurance
Keywords: Reopened
: 242347 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2007-06-03 13:04 UTC by Raphael SALSON
Modified: 2013-01-10 04:20 UTC (History)
3 users (show)

Fixed In Version: tkcvs-8.0.4-2.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-06-27 06:51:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Raphael SALSON 2007-06-03 13:04:40 UTC
Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Context: Upgrade FC6 --> F7
2.yum update tkcvs (or graphical interface)
Actual results:
Cannot upgrade:
> Package tkcvs-8.0.4-2.fc7.noarch.rpm is not signed

Expected results:

Additional info:
> yum --nogpgcheck update tkcvs 
works fine

Comment 1 Gérard Milmeister 2007-06-03 15:16:08 UTC
This is a known problem. It will take some time for the packages to be signed
and make through the mirrors again.

Comment 2 David Juran 2007-06-17 12:25:57 UTC
Reopening this bug since it's still not fixed. 
  Since this bug blocks yum from updating a system, with far-reaching
consequences for system security, I believe it can not wait for the next release
(Fedora 8?!?!?) Adjusting priority and severity accordingly.

Comment 3 Gérard Milmeister 2007-06-17 16:56:18 UTC
*** Bug 242347 has been marked as a duplicate of this bug. ***

Comment 4 Gérard Milmeister 2007-06-17 16:57:39 UTC
However, I don't think this is the right component for the problem.
The only thing I can do is to rebuild the packages.

Comment 5 David Juran 2007-06-19 12:42:46 UTC
Jesse, an rpm that got pushed without being signed, is that you area?

Comment 6 Jesse Keating 2007-06-19 13:08:59 UTC
A signed copy is now on the mirrors.

Comment 7 David Juran 2007-06-21 07:14:59 UTC
No, it's not )-:
And the Koji web interface is down.
Hmmm, maybe this issue ought to be transferred to component 'distribution'...

Comment 8 Jesse Keating 2007-06-21 14:18:44 UTC
Erm, Can you show me where on the master mirror this package is unsigned?  Are
you sure you don't have an out of date mirror?

Comment 9 Raphael SALSON 2007-06-24 00:00:24 UTC
hmmm, not too sure. How can I know which mirror was used when the update was run?

Here is my yum conf (standard I think):
name=Fedora $releasever - $basearch

name=Fedora $releasever - $basearch - Updates

Comment 10 Jesse Keating 2007-06-24 14:19:13 UTC
do a yum clean metadata; uncomment the baseurl in both fedora and updates,
comment out the mirrorlist, then do your update.  That should force it to pull
from the master mirrors.

Comment 11 David Juran 2007-06-27 06:51:37 UTC
Ahhh I see, I was looking for an updated package in the updates directory, not a
fixed package in the "base" directory. Are mirrors really synching the base
directory since it's presumably supposed to be immutable? E.g.
is not...

Anyway, this problem with tkcvs is fixed, thanks for the help (-:

Comment 12 Jesse Keating 2007-06-27 12:42:47 UTC
I announced to our mirrors that I was updating the content.  Maybe some of them
didn't get the memo :/

Note You need to log in before you can comment on or make changes to this bug.