Bug 489526 - Cannot import (new) gpg keys
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: rpm
Version: 10
Hardware: x86_64 Linux
Priority: low
Severity: medium
Assigned To: Panu Matilainen
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-03-10 11:51 EDT by Carl Roth
Modified: 2009-03-11 11:42 EDT
Last Closed: 2009-03-11 11:42:01 EDT


Description Carl Roth 2009-03-10 11:51:40 EDT
Description of problem:

My YUM updates stopped working because new RPMs are reported as having unrecognized keys.

In particular, I'm trying to update a package from F10 updates, using the current F10 updates key:

pub  1024D/4EBFC273 2008-08-27 Fedora (10) <fedora@fedoraproject.org>              
sub  4096g/C1527A5F 2008-08-27                                                     

I can't import this key by hand either:

# rpm -vvv --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-10-primary
D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key
D: loading keyring from rpmdb
D: opening  db environment /var/lib/rpm/Packages cdb:mpool:joinenv
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Name rdonly mode=0x0
D:  read h#      86 Header sanity check: OK
D: added key gpg-pubkey-e6d8f1d8-462929a9 to keyring
D:  read h#     231 Header sanity check: OK
D: added key gpg-pubkey-4f2a6fd2-3f9d9d3b to keyring
D:  read h#     741 Header sanity check: OK
D: added key gpg-pubkey-b1981b68-4878de85 to keyring
D:  read h#    1012 Header sanity check: OK
D: added key gpg-pubkey-4ebfc273-48b5dbf3 to keyring
D:  read h#    1013 Header sanity check: OK
D: added key gpg-pubkey-c2a8342a-48c7c689 to keyring
D:  read h#    1241 Header sanity check: OK
D: added key gpg-pubkey-66534c2b-3e60b428 to keyring
D:  read h#    1570 Header sanity check: OK
D: added key gpg-pubkey-49c8885a-4878ddfb to keyring
D:  read h#    1711 Header sanity check: OK
D: added key gpg-pubkey-00f97f56-4267cb5c to keyring
D:  read h#    1842 Header sanity check: OK
D: added key gpg-pubkey-f6777c67-45e5b1b9 to keyring
D: Using legacy gpg-pubkey(s) from rpmdb
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-10-primary: import failed.
D: closed   db index       /var/lib/rpm/Name
D: closed   db index       /var/lib/rpm/Packages
D: closed   db environment /var/lib/rpm/Packages

Any ideas (other than disabling key checking)?  This system has been receiving yum updates for several months now; I'm surprised that the F10 updates key is not already in the rpm keyring.

[root@huggy packages]# rpm -qip NetworkManager-0.7.0.99-3.fc10.x86_64.rpm
warning: NetworkManager-0.7.0.99-3.fc10.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 4ebfc273
Name        : NetworkManager               Relocations: (not relocatable)
Version     : 0.7.0.99                          Vendor: Fedora Project
Release     : 3.fc10                        Build Date: Mon 09 Mar 2009 08:43:26 PM PDT
Install Date: (not installed)               Build Host: xenbuilder2.fedora.redhat.com
Group       : System Environment/Base       Source RPM: NetworkManager-0.7.0.99-3.fc10.src.rpm
Size        : 3214738                          License: GPLv2+
Signature   : DSA/8, Mon 09 Mar 2009 09:08:07 PM PDT, Key ID bf226fcc4ebfc273
Packager    : Fedora Project
URL         : http://www.gnome.org/projects/NetworkManager/
Summary     : Network connection manager and user applications
Description :
NetworkManager attempts to keep an active network connection available at all
times.  It is intended only for the desktop use-case, and is not intended for
usage on servers.   The point of NetworkManager is to make networking
configuration and setup as painless and automatic as possible.  If using DHCP,
NetworkManager is _intended_ to replace default routes, obtain IP addresses
from a DHCP server, and change nameservers whenever it sees fit.

[root@huggy packages]# rpm -qp --checksig NetworkManager-0.7.0.99-3.fc10.x86_64.rpm
NetworkManager-0.7.0.99-3.fc10.x86_64.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS:GPG#4ebfc273)

Version-Release number of selected component (if applicable):

rpm-4.6.0-1.fc10.x86_64

Comment 1 Carl Roth 2009-03-10 11:59:03 EDT
Weird, other packages in the same update do not have this problem.  Nash, for instance, updated without a problem:

[root@huggy packages]# rpm -qi nash
Name        : nash                         Relocations: (not relocatable)
Version     : 6.0.71                            Vendor: Fedora Project
Release     : 4.fc10                        Build Date: Thu 12 Feb 2009 02:45:04 AM PST
Install Date: Tue 10 Mar 2009 08:57:14 AM PDT      Build Host: x86-5.fedora.phx.redhat.com
Group       : System Environment/Base       Source RPM: mkinitrd-6.0.71-4.fc10.src.rpm
Size        : 287080                           License: GPLv2+
Signature   : DSA/SHA1, Mon 09 Mar 2009 03:31:09 AM PDT, Key ID bf226fcc4ebfc273
Packager    : Fedora Project
URL         : git://git.fedoraproject.org/git/hosted/mkinitrd
Summary     : nash shell
Description :
nash shell used by initrd

... note that the same(ish) key is used.
Comment 2 Carl Roth 2009-03-10 12:00:21 EDT
Hm, the nash RPM is tagged with a "DSA/SHA1" signature, but NetworkManager is tagged with a "DSA/8" signature.
Comment 3 Carl Roth 2009-03-10 12:20:16 EDT
Sorry, I mis-read the initial rpm output.  It does appear that the updates key is in my rpm keyring:

D: added key gpg-pubkey-4ebfc273-48b5dbf3 to keyring
D:  read h#    1013 Header sanity check: OK

Now we're left with the question of why the NetworkManager RPM is being disallowed by yum/rpm.
Comment 4 Panu Matilainen 2009-03-10 13:56:57 EDT
The NetworkManager update in question was mis-signed and is being corrected:
https://www.redhat.com/archives/fedora-devel-list/2009-March/msg00643.html

Rpm probably should report "bad signature" instead of "no key" in this case though...
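
An added example (not part of the bug thread, and not rpm's own code): a Python triage that cross-checks the key ID in a `MISSING KEYS` result against the keys `rpm -vvv` reports loading, the check Comment 3 performs by eye, and decodes the numeric hash field noticed in Comment 2. The sample lines are copied from the report; the function names, and reading the bare `8` as an OpenPGP hash algorithm ID (SHA256 in RFC 4880), are assumptions.

```python
import re

# OpenPGP hash algorithm IDs from RFC 4880, section 9.4.
OPENPGP_HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
                9: "SHA384", 10: "SHA512", 11: "SHA224"}
KEY_PRESENT = "key is in keyring: treat as a signature problem, not a missing key"
KEY_ABSENT = "key is not in keyring: import it from a trusted source"

# Sample lines copied from the report above.
DEBUG_LOG = """\
D: added key gpg-pubkey-e6d8f1d8-462929a9 to keyring
D:  read h#    1012 Header sanity check: OK
D: added key gpg-pubkey-4ebfc273-48b5dbf3 to keyring
"""
CHECKSIG = ("NetworkManager-0.7.0.99-3.fc10.x86_64.rpm: (SHA1) DSA sha1 md5 "
            "(GPG) NOT OK (MISSING KEYS:GPG#4ebfc273)")
NM_SIG = "Signature   : DSA/8, Mon 09 Mar 2009 09:08:07 PM PDT, Key ID bf226fcc4ebfc273"

def keyring_ids(debug_log):
    """Short key IDs that `rpm -vvv` reports loading into its keyring."""
    pat = r"added key gpg-pubkey-([0-9a-f]{8})-[0-9a-f]{8} to keyring"
    return set(re.findall(pat, debug_log))

def missing_ids(checksig_line):
    """Short key IDs listed after MISSING KEYS: in `rpm --checksig` output."""
    _, found, tail = checksig_line.partition("MISSING KEYS:")
    ids = re.findall(r"#([0-9a-fA-F]{8})\b", tail) if found else []
    return {k.lower() for k in ids}

def signature_tag(query_line):
    """Return (pubkey algo, hash algo, long key ID) from a Signature: line."""
    m = re.search(r"Signature\s*:\s*(\w+)/(\w+),.*Key ID ([0-9a-f]{16})", query_line)
    if m is None:
        return None
    pubkey, digest, key_id = m.groups()
    if digest.isdigit():  # assumption: a bare number is the OpenPGP hash ID
        digest = OPENPGP_HASH.get(int(digest), "unknown(" + digest + ")")
    return pubkey, digest, key_id

def triage(debug_log, checksig_line):
    """Map each key rpm calls missing to whether the keyring actually has it."""
    loaded = keyring_ids(debug_log)
    return {k: KEY_PRESENT if k in loaded else KEY_ABSENT
            for k in missing_ids(checksig_line)}

if __name__ == "__main__":
    print(signature_tag(NM_SIG))
    print(triage(DEBUG_LOG, CHECKSIG))
```
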
Comment 5 Tim Jackson 2009-03-10 19:22:34 EDT
see also bug #489524
Comment 6 Carl Roth 2009-03-11 11:42:01 EDT
Just received the new NM package, thx.
