Description of problem:

My YUM updates stopped working because new RPMs are reported as having unrecognized keys. In particular, I'm trying to update a package from F10 updates, using the current F10 updates key:

pub  1024D/4EBFC273 2008-08-27 Fedora (10) <fedora>
sub  4096g/C1527A5F 2008-08-27

I can't import this key by hand either:

# rpm -vvv --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-10-primary
D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key
D: loading keyring from rpmdb
D: opening db environment /var/lib/rpm/Packages cdb:mpool:joinenv
D: opening db index /var/lib/rpm/Packages rdonly mode=0x0
D: locked db index /var/lib/rpm/Packages
D: opening db index /var/lib/rpm/Name rdonly mode=0x0
D: read h# 86 Header sanity check: OK
D: added key gpg-pubkey-e6d8f1d8-462929a9 to keyring
D: read h# 231 Header sanity check: OK
D: added key gpg-pubkey-4f2a6fd2-3f9d9d3b to keyring
D: read h# 741 Header sanity check: OK
D: added key gpg-pubkey-b1981b68-4878de85 to keyring
D: read h# 1012 Header sanity check: OK
D: added key gpg-pubkey-4ebfc273-48b5dbf3 to keyring
D: read h# 1013 Header sanity check: OK
D: added key gpg-pubkey-c2a8342a-48c7c689 to keyring
D: read h# 1241 Header sanity check: OK
D: added key gpg-pubkey-66534c2b-3e60b428 to keyring
D: read h# 1570 Header sanity check: OK
D: added key gpg-pubkey-49c8885a-4878ddfb to keyring
D: read h# 1711 Header sanity check: OK
D: added key gpg-pubkey-00f97f56-4267cb5c to keyring
D: read h# 1842 Header sanity check: OK
D: added key gpg-pubkey-f6777c67-45e5b1b9 to keyring
D: Using legacy gpg-pubkey(s) from rpmdb
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-10-primary: import failed.
D: closed db index /var/lib/rpm/Name
D: closed db index /var/lib/rpm/Packages
D: closed db environment /var/lib/rpm/Packages

Any ideas (other than disabling key checking)?
This system has been receiving yum updates for several months now; I'm surprised that the F10 updates key is not already in the rpm keyring.

[root@huggy packages]# rpm -qip NetworkManager-0.7.0.99-3.fc10.x86_64.rpm
warning: NetworkManager-0.7.0.99-3.fc10.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 4ebfc273
Name        : NetworkManager    Relocations: (not relocatable)
Version     : 0.7.0.99    Vendor: Fedora Project
Release     : 3.fc10    Build Date: Mon 09 Mar 2009 08:43:26 PM PDT
Install Date: (not installed)    Build Host: xenbuilder2.fedora.redhat.com
Group       : System Environment/Base    Source RPM: NetworkManager-0.7.0.99-3.fc10.src.rpm
Size        : 3214738    License: GPLv2+
Signature   : DSA/8, Mon 09 Mar 2009 09:08:07 PM PDT, Key ID bf226fcc4ebfc273
Packager    : Fedora Project
URL         : http://www.gnome.org/projects/NetworkManager/
Summary     : Network connection manager and user applications
Description :
NetworkManager attempts to keep an active network connection available at all times. It is intended only for the desktop use-case, and is not intended for usage on servers. The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible. If using DHCP, NetworkManager is _intended_ to replace default routes, obtain IP addresses from a DHCP server, and change nameservers whenever it sees fit.

[root@huggy packages]# rpm -qp --checksig NetworkManager-0.7.0.99-3.fc10.x86_64.rpm
NetworkManager-0.7.0.99-3.fc10.x86_64.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS:GPG#4ebfc273)

Version-Release number of selected component (if applicable):
rpm-4.6.0-1.fc10.x86_64

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
Weird, other packages in the same update do not have this problem. Nash, for instance, updated without a problem:

[root@huggy packages]# rpm -qi nash
Name        : nash    Relocations: (not relocatable)
Version     : 6.0.71    Vendor: Fedora Project
Release     : 4.fc10    Build Date: Thu 12 Feb 2009 02:45:04 AM PST
Install Date: Tue 10 Mar 2009 08:57:14 AM PDT    Build Host: x86-5.fedora.phx.redhat.com
Group       : System Environment/Base    Source RPM: mkinitrd-6.0.71-4.fc10.src.rpm
Size        : 287080    License: GPLv2+
Signature   : DSA/SHA1, Mon 09 Mar 2009 03:31:09 AM PDT, Key ID bf226fcc4ebfc273
Packager    : Fedora Project
URL         : git://git.fedoraproject.org/git/hosted/mkinitrd
Summary     : nash shell
Description :
nash shell used by initrd

... note that the same(ish) key is used.
Hm, the nash RPM is tagged with a "DSA/SHA1" signature, but NetworkManager is tagged with a "DSA/8" signature.
Sorry, I mis-read the initial rpm output. It does appear that the updates key is in my rpm keyring:

D: added key gpg-pubkey-4ebfc273-48b5dbf3 to keyring
D: read h# 1013 Header sanity check: OK

Now we're left with the question of why the NetworkManager RPM is being disallowed by yum/rpm.
The NetworkManager update in question was mis-signed and is being corrected:

https://www.redhat.com/archives/fedora-devel-list/2009-March/msg00643.html

Rpm probably should report "bad signature" instead of "no key" in this case though...
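A triage sketch for the situation in this report, added here as an example and not part of the original thread or of rpm itself: it separates "key really missing from the keyring" from "key present, but the signature's hash algorithm was printed as a bare number". The sample lines are copied from the output quoted above; treating a bare number such as `8` as an OpenPGP hash algorithm ID (RFC 4880, where 8 is SHA256) is an assumption of the example, and the function names are hypothetical.

```python
import re

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4).
OPENPGP_HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
                9: "SHA384", 10: "SHA512", 11: "SHA224"}

# "Signature : DSA/8, <date>, Key ID bf226fcc4ebfc273" as printed by rpm -qi
SIG_RE = re.compile(r"Signature\s*:\s*(\w+)/(\w+),.*Key ID ([0-9a-fA-F]{16})")
# "gpg-pubkey-<short key id>-<creation time>" as printed by rpm -q gpg-pubkey
KEYRING_RE = re.compile(r"gpg-pubkey-([0-9a-f]{8})-[0-9a-f]{8}")

# Sample lines taken from the output quoted in this report.
NM_QI = "Signature   : DSA/8, Mon 09 Mar 2009 09:08:07 PM PDT, Key ID bf226fcc4ebfc273"
NASH_QI = "Signature   : DSA/SHA1, Mon 09 Mar 2009 03:31:09 AM PDT, Key ID bf226fcc4ebfc273"
KEYRING = ("D: added key gpg-pubkey-4ebfc273-48b5dbf3 to keyring\n"
           "D: added key gpg-pubkey-e6d8f1d8-462929a9 to keyring\n")


def keyring_ids(text):
    """Short key IDs found in keyring listing or rpm -vv debug output."""
    return set(KEYRING_RE.findall(text))


def triage(rpm_qi_text, keyring_text):
    """Classify a package's Signature line against the installed keys."""
    m = SIG_RE.search(rpm_qi_text)
    if not m:
        return {"verdict": "unsigned-or-unparsed"}
    pubkey_algo, hash_field, key_id = m.groups()
    short_id = key_id[-8:].lower()          # rpm reports the low 32 bits
    numeric = hash_field.isdigit()          # e.g. "8" instead of "SHA1"
    if numeric:
        hash_name = OPENPGP_HASH.get(int(hash_field), "unknown")
    else:
        hash_name = hash_field
    if short_id not in keyring_ids(keyring_text):
        verdict = "key-missing"
    elif numeric:
        verdict = "key-present-unnamed-hash"  # NOKEY here is misleading
    else:
        verdict = "key-present"
    return {"verdict": verdict, "pubkey_algo": pubkey_algo,
            "hash": hash_name, "key_id": short_id}


if __name__ == "__main__":
    for label, line in (("NetworkManager", NM_QI), ("nash", NASH_QI)):
        print(label, triage(line, KEYRING))
```

A "key-present-unnamed-hash" verdict means the NOKEY warning should not be answered by importing keys or disabling checks; the package's signature itself needs attention.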
see also bug #489524
Just received the new NM package, thx.