Description of problem: Version-Release number of selected component (if applicable): tkcvs-8.0.4-2.fc7.noarch.rpm How reproducible: Always Steps to Reproduce: 1.Context: Upgrade FC6 --> F7 2.yum update tkcvs (or graphical interface) 3. Actual results: Cannot upgrade: > Package tkcvs-8.0.4-2.fc7.noarch.rpm is not signed Expected results: Additional info: > yum --nogpgcheck update tkcvs works fine
This is a known problem. It will take some time for the packages to be signed and make through the mirrors again.
Reopening this bug since it's still not fixed. Since this bug blocks yum from updating a system, with far-reaching consequences for system security, I believe it can not wait for the next release (Fedora 8?!?!?) Adjusting priority and severity accordingly.
*** Bug 242347 has been marked as a duplicate of this bug. ***
However, I don't think this is the right component for the problem. The only thing I can do is to rebuild the packages.
Jesse, an rpm that got pushed without being signed, is that you area?
A signed copy is now on the mirrors.
No, it's not )-: And the Koji web interface is down. Hmmm, maybe this issue ought to be transferred to component 'distribution'...
Erm, Can you show me where on the master mirror this package is unsigned? Are you sure you don't have an out of date mirror?
hmmm, not too sure. How can I know which mirror was used when the update was run? Here is my yum conf (standard I think): [fedora] name=Fedora $releasever - $basearch #baseurl=http://download.fedora.redhat.com/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/ mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora file:///etc/pki/rpm-gpg/RPM-GPG-KEY and: [updates] name=Fedora $releasever - $basearch - Updates #baseurl=http://download.fedora.redhat.com/pub/fedora/linux/updates/$releasever/$basearch/ mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
do a yum clean metadata; uncomment the baseurl in both fedora and updates, comment out the mirrorlist, then do your update. That should force it to pull from the master mirrors.
Ahhh I see, I was looking for an updated package in the updates directory, not a fixed package in the "base" directory. Are mirrors really synching the base directory since it's presumably supposed to be immutable? E.g. ftp://ftp.uci.edu/mirrors/fedora/linux/releases/7/Everything/i386/os/Fedora/tkcvs-8.0.4-2.fc7.noarch.rpm is not... Anyway, this problem with tkcvs is fixed, thanks for the help (-:
I announced to our mirrors that I was updating the content. Maybe some of them didn't get the memo :/