Bug 969912 - I cannot import the TUXONICE GPG key
I cannot import the TUXONICE GPG key
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: rpm (Show other bugs)
18
i686 Linux
unspecified Severity high
: ---
: ---
Assigned To: packaging-team-maint
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-02 21:46 EDT by Kevin J. Cummings
Modified: 2013-06-03 16:17 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-06-03 03:00:54 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kevin J. Cummings 2013-06-02 21:46:32 EDT
Description of problem:
Can't install gpg key for tuxonice repository


Version-Release number of selected component (if applicable):
rpm-4.10.3.1-1.fc18.i686



How reproducible:
fails every attempt for me.



Steps to Reproduce:
1. rpm --import --import http://mhensler.de/swsusp/download/SUSPEND2-RPM-KEY
2.
3.

Actual results:
error: http://mhensler.de/swsusp/download/SUSPEND2-RPM-KEY: key 1 import failed.


Expected results:
I expect the key to be added and be usable by yum.


Additional info:

My system was installed via the F17 live CD copied to my hard drive, then later (after many new packages installed and updates done) I used "fedup" to upgrade to F18.  I don't recall having any problems adding new repos under F17.

The following is the debug output using -vv

D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key
D: loading keyring from rpmdb
D: opening  db environment /var/lib/rpm cdb:0x401
D: opening  db index       /var/lib/rpm/Packages 0x400 mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Name 0x400 mode=0x0
D:  read h#     264 Header sanity check: OK
D: added key gpg-pubkey-1aca3465-4f0c91e2 to keyring
D:  read h#     830 Header SHA1 digest: OK (35dcaead230dffc03234a383e5f3dab9bd46680c)
D: added key gpg-pubkey-de7f38bd-501f4964 to keyring
D:  read h#     904 Header sanity check: OK
D: added key gpg-pubkey-7fac5991-4615767f to keyring
D:  read h#     974 Header sanity check: OK
D: added key gpg-pubkey-5044912e-4b7489b1 to keyring
D:  read h#    1096 Header sanity check: OK
D: added key gpg-pubkey-b56a8bac-3bbc4d06 to keyring
D:  read h#    1116 Header sanity check: OK
D: added key gpg-pubkey-f6777c67-45e5b1b9 to keyring
D:  read h#    1446 Header sanity check: OK
D: added key gpg-pubkey-8296fa0f-4ea867c3 to keyring
D:  read h#    1891 Header SHA1 digest: OK (eb95b897727baab8e961ba6a0634a1f433b83c30)
D: added key gpg-pubkey-982e0a7c-4f34288f to keyring
D: Using legacy gpg-pubkey(s) from rpmdb
error: http://mhensler.de/swsusp/download/SUSPEND2-RPM-KEY: key 1 import failed.
D: closed   db index       /var/lib/rpm/Name
D: closed   db index       /var/lib/rpm/Packages
D: closed   db environment /var/lib/rpm
Comment 1 Panu Matilainen 2013-06-03 03:00:54 EDT
That's a V3 OpenPGP key, and those have been deprecated by RFC-4880 (http://www.rfc-editor.org/rfc/rfc4880.txt) since ages ago as they are considered insecure:

   OpenPGP implementations MUST create keys with version 4 format.  V3
   keys are deprecated; an implementation MUST NOT generate a V3 key,
   but MAY accept it.

The support for V3 keys was pulled in rpm >= 4.10:
http://rpm.org/wiki/Releases/4.10.0#Removedfeatures
Comment 2 Kevin J. Cummings 2013-06-03 16:17:49 EDT
The error message "Key 1 import failed" does not convey the necessary information.  Yes, the import failed, but it say nothing about WHY it failed.  If it had, this report would never have been generated.  Perhaps, a better error message is in order?  Especially for a change in behaviour.

Note You need to log in before you can comment on or make changes to this bug.