I noticed when doing a yum update that the elfutils update is signed with key 30c9ecf8 instead of the normal one for updates. [root@bruno f7u]# rpm --checksig elfutils* elfutils-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8) elfutils-devel-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8) elfutils-devel-static-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8) elfutils-libelf-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8) elfutils-libelf-devel-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8) elfutils-libelf-devel-static-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8) elfutils-libs-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8)
Bruno Wolff III wrote:
I noticed when doing a yum update that the elfutils update is signed with key 30c9ecf8 instead of the normal one for updates. [root@bruno f7u]# rpm --checksig elfutils* elfutils-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8) elfutils-devel-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8) elfutils-devel-static-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8) elfutils-libelf-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8) elfutils-libelf-devel-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8) elfutils-libelf-devel-static-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8) elfutils-libs-0.129-1.fc7.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#30c9ecf8)
Every so often a package seems to slip in that's signed with the updates-testing key. I checked the updates tree and in addition to elfutils*, perl-PDF-API2-0.62-2.fc7.noarch.rpm is also signed with the testing key. I dropped a note to rel-eng about this (though I forget if it should be reported there or to the infrastructure ticket system).
Hopefully it'll get sorted out fairly soon. But F8 test 2 is being prepared now, which might slow down the few folks with the ability to fix this.
Bruno Wolff III wrote:
Every so often a package seems to slip in that's signed with the updates-testing key.
If anyone has a problem running their yum update then if the Fedora keys are imported using : rpm --import /etc/pki/rpm-gpg/* as root, then yum update will still work even though the packages are signed with the wrong key. If they already installed a package from updates-testing in the past the problem will be invisible.
Mike Cohler (mcohler) wrote:
Bruno Wolff III wrote:
Every so often a package seems to slip in that's signed with the updates-testing key.
If anyone has a problem running their yum update then if the Fedora keys are imported using : rpm --import /etc/pki/rpm-gpg/*
as root, then yum update will still work even though the packages are signed with the wrong key. If they already installed a package from updates-testing in the past the problem will be invisible.
While that's true, it isn't always a viable solution. I generally want to catch testing packages before they get installed on a system that I don't want to use for testing. It's not always easy to tell if the package is in the wrong repo or if it's just been signed by the wrong key. :)
On Wed, Aug 29, 2007 at 10:18:00 +0200, "Mike Cohler (mcohler)" no-reply-gw@fcp.surfsite.org wrote:
This is an email sent via The Fedora Community Portal https://fcp.surfsite.org https://fcp.surfsite.org/modules/newbb/viewtopic.php?post_id=197756&topi... If you think, this is spam, please report this to webmaster@fcp.surfsite.org and/or blame mdc1@york.ac.uk.
Another solution (that I prefer) is to manually update the problem app using rpm and then running yum to finish updates. That way you still get a warning about including packages signed with the test-updates key.
Another solution (that I prefer) is to manually update the problem app using rpm and then running yum to finish updates. That way you still get a warning about including packages signed with the test-updates key.
Even easier is to just run with the yum option --nogpgcheck for the one problematic update. In this case
yum update elfutils-libs --nogpgcheck
will install the update, ignoring the gpg problem for this package.
Chris
-
Bruno Wolff III -
Chris Jones -
potat0 -
Todd Zullinger