Description of problem: On this f17 x64 system, attempting to install / update any package (cntlm,mc,yum), ends with: "The GPG keys listed for the Fedora 17 - x86_64 - Updates" repository are already installed but they are not correct for this package." before, i have this warning: "warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 1aca3465: NOKEY" Version-Release number of selected component (if applicable): yum-3.4.3-29.fc17.noarch How reproducible: always Steps to Reproduce: 1. yum install cntlm 2. 3. Actual results: Expected results: Additional info: i"ve removed all keys and imported again, but still i get the same error. Looking into the fedora primary key in /etc/pki, it "looks" identical with the one on http://fedoraproject.org/keys . An interesting info is that this system was probably not updated for a long time.
I don't see anything that would indicate a problem in yum or rpm. If the gpg key can't be used to verify the packages then there is probably something wrong with the package source. Changing the component to distribution so they can look at the bug. If you have any indication that there is a bug in rpm or yum, feel free to reassign back.
the problem seems to be this: $ rpm -K cntlm-0.92-2.fc17.i686.rpm cntlm-0.92-2.fc17.i686.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#1aca3465) a similar result i get for x86_64 package. the package was downloaded from the base fedora repo so maybe the problem is there.
I can't reproduce this here. $ rpm -K cntlm-0.92-2.fc17.i686.rpm cntlm-0.92-2.fc17.i686.rpm: rsa sha1 (md5) pgp md5 OK $ rpm -qip cntlm-0.92-2.fc17.i686.rpm | grep Sig Signature : RSA/SHA256, Sun 22 Jan 2012 09:28:14 AM EST, Key ID 50e94c991aca3465 (note last 4 byes - 1ACA3465) $ gpg -v RPM-GPG-KEY-fedora-17-primary gpg: armor header: Version: GnuPG v1.4.5 (GNU/Linux) pub 4096R/1ACA3465 2012-01-10 Fedora (17) <fedora> sig 1ACA3465 2012-01-10 [selfsig] What does your .repo file look like?
Created attachment 753990 [details] fedora repo This is the fedora.repo
Created attachment 753991 [details] package checking and attempt to install Indeed the package seems to be correctly signed. However, it seems that somehow the right key is not installed or used by yum or rpm.
Please post the output of: rpm -qf /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64 gpg -v /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64
Here'S the output: # rpm -qf /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64 fedora-release-17-1.noarch # gpg -v /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64 gpg: directory `/root/.gnupg' created gpg: new configuration file `/root/.gnupg/gpg.conf' created gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/root/.gnupg/secring.gpg' created gpg: keyring `/root/.gnupg/pubring.gpg' created gpg: armor header: Version: GnuPG v1.4.5 (GNU/Linux) pub 4096R/1ACA3465 2012-01-10 Fedora (17) <fedora> sig 1ACA3465 2012-01-10 [selfsig]
And 'rpm -qi gpg-pubkey-1aca3465-4f0c91e2'?
$ rpm -qi gpg-pubkey-1aca3465-4f0c91e2 Name : gpg-pubkey Version : 1aca3465 Release : 4f0c91e2 Architecture: (none) Install Date: Fri 24 May 2013 09:11:28 AM CEST Group : Public Keys Size : 0 License : pubkey Signature : (none) Source RPM : (none) Build Date : Fri 24 May 2013 09:11:28 AM CEST Build Host : localhost Relocations : (not relocatable) Summary : gpg(Fedora (17) <fedora>) Description : -----BEGIN PGP PUBLIC KEY BLOCK----- Version: rpm-4.9.1.3 (NSS-3) mQINBE8MkeIBEADfn8QtElquxUAVvS8th7UnVmfkExw7jC7SVy7dGlXo5rgxqETM AZorpDIvAtKX5VMr/lUfODB6sSymh0e6EdvYQfHrpImO05F7WBq2DhRW74j1DRNu 8vohKPTsSZTEZo/mrUBDAAGtGOXcrsQxx4J2Ur73+r18ODd+v6O33YevlFmwmFYT uDcgdhxyxBdpJVES8MdxO349uP9bvrU+3KjpDDGHb/hMbY8az7lwLtBufRrAekhN 5Cg7+zm+I+wVGzgzSw0yrIh4hdVts4RKZIrl2N3VeZcCY4IrNZFd2Do6HhIwA7l/ /xpTEBTZ4BmnGP9iufUVa2h97/JmKy38rM88IovIcTSnYDG68k/NxUkC+dLriI4T BNc9kJLVo821x77WYViNXHscF8ujlf73HilfCnhEtNwViGO7x41guQrdv5k79UDf 1CylSZ+76vKXziz6uNHzIagiViNOvYHOoEH8jDNnubqFTxYXUNks5l3/byllQ0XK Oj9RarmjsMS3udRB6RCiEnzDbPge2S9gmdmY8MA3QeZ3aWoZJqygDQ0WNUOjPZ0E 80x+xbUyAK06/SCzs6bUx6GMXd5Iy5r3Gc+6LRt4WEG5r/vJEHPSj3qAoVqydsY0 GjASPIQmYduCdi7Inf0w+2n+nJGPcK1k432xHD0z0kp1Q/xcOH/Tul3bcQARAQAB tCZGZWRvcmEgKDE3KSA8ZmVkb3JhQGZlZG9yYXByb2plY3Qub3JnPokCNgQTAQIA IAUCTwyR4gIbDwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEFDpTJkayjRlKxAQ AICtQT+j8Sum1J86yBwso1wuzK2sHOXbfC1LCdQw2u6QLfKSUsCnQ5AL+oCnS491 5fjrYksT2siclLhgZX7/yF76XuYHHhRTO65NaPSCxxhN6S9zbExUPRoxFL1ay0cH p14WYI1/SGmKPcJmigV6n8+wGYl+zWlH9eiiFP/+JCxJ0ZvRg3mgT5zcPdIzTDOz 4rTE3WfH3qqxYhw2ttDPomBSdbgJw2N6bj46t8rljIDGdeKpFHYMVXpUp0gDkEoY bAiQhvZaa2F6mGMfXRdr4Phs562+tF/Qy/JaK8uafYZPHTtC16NHf87DYceLzvci W1KNBYGrEHm5NMguBlqP348FYMp+6hJDYMl38Qx3BK9bz6lW0G75tgaAZ+sxAFGs /MUcjChkF9OcF7Y7W6hY3IQb/+FgB5eNpBqfmZZ76ywpS+D0sIqxzWoILtlXdHeN eM4YiX0gvVQXwn9S89O5vWKxWYspywfgV/aXHk14O6k7oi8wInJOvgxZKEHUT4XU K7DyogL45VV9iYoWYIym2L17VBnINE/Kwmc/81nYigE0tTOwaR+qMFBSRlkOA4+X ZlIvb5Cft7CdC183FYLIM+B6xNSKE/OhavHZsRJrLZC1aAP8MNh8Cy7Jqrn1/Qjj 6sncrqaj/Yis4yAaINk4MrnbImN2MwzU70q0eR3kA6PY =3+4G -----END PGP PUBLIC KEY BLOCK-----
OK, looks fine to me. Moving over to yum, although I still can't reproduce this here.
Some new info that may be helpful: - a lot of partitions are mounted 'nosuid' . - on / (which does not have nosuid among its mount options), rpm -ivh cntlm* allows installing of the downloaded package. Also, yum localinstall cntlm* allows installing of the local package. Which are the interesting partitions for yum, that i should check?
This message is a reminder that Fedora 17 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 17. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '17'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 17's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 17 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior to Fedora 17's end of life. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 17 changed to end-of-life (EOL) status on 2013-07-30. Fedora 17 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.