FC1 yum update Problems
David Eisenstein
deisenst at gtw.net
Tue Nov 8 22:05:17 UTC 2005
> Edward Wynn wrote:
> >
> > Hi,
> >
> > I am trying to use yum to update my FC1 system.
> >
> > I have followed the instructions present on the website, including
> > upgrading yum, setting up the yum.conf file and importing the GPG
> > key via rpm ?import.
> > <<snip>>
> > What am I missing ? what is wrong with GPG keys?
> > <<snip>>
By following those directions, you only imported the Fedora Legacy GPG
key. Many or most packages are signed with the original Fedora Project
key, which is likely what you need here.
On Monday, November 8 2005, James Kosin wrote:
> You must have a fresh install of FC1... Somewhere about a year or so
> ago the fedora group had to install new GPG keys for the packages;
> because their keys had expired about md-project with FC1.
I had never heard anything about Fedora Project keys expiring. Where did
you get this from, James? AFAIK, the Red Hat Fedora Project key has been
the same, for all Fedora Core distros, since the beginning of the Fedora
project with FC1.
> It should be safe to get yum to ignore the GPG signature for the
> moment to update your system... Then import the fedora-legacy keys.
> Or maybe someone could resign all the packages with the fedora-legacy
> key.
Resigning all the packages with FL key wouldn't be practical.
It's a good idea to use GPG signatures, not only from a security stand-
point, but also from a data-corruption standpoint as well, as the signa-
tures should detect both failures.
On Tue, 8 Nov 2005, Edward Wynn wrote:
> Thanks for the hint - any ideas on how to get yum to ignore the GPG
> keys? I had considered doing that myself but can't find how to do it.
>
> Alternatively can't I just import the old keys from somewhere now?
>
Yes, you can.
When I do an $ rpm -qi on pango, I get this line:
Signature: DSA/SHA1, Tue 28 Oct 2003 06:19:41 PM CST, Key ID b44269d04f2a6fd2
The public key ID for Fedora Core is 'b44269d04f2a6fd2', or the last 8
characters of the key should do, '4f2a6fd2'.
There are a number of ways one can go about getting the Fedora Core
public key.
1) If you have the original CD-ROM's for FC1, on Disc 1 is the file
'RPM-GPG-KEY-fedora'. If you have that file, do:
# rpm --import /mnt/cdrom/RPM-GPG-KEY-fedora
2) You can get the PGP key from Red Hat's Fedora website:
# wget http://fedora.redhat.com/about/security/4F2A6FD2.txt
# rpm --import 4F2A6FD2.txt
3) Or you can import the required key into your PGP
database froma public keyserver using this command:
# gpg --keyserver hkp://pgpkeys.mit.edu --recv-keys 4F2A6FD2
then export it from the PGP database to an ASCII-armored file:
# gpg -a --export 4F2A6FD2 >/tmp/fedora-key.asc
Once that is done, you can import that to RPM:
# rpm --import /tmp/fedora-key.asc
# rm /tmp/fedora-key.asc
4) Also see the 'GPG keys' page at the Fedora Project for other ways
of getting the key and more info about it:
<http://fedora.redhat.com/about/security/>
Hope this helped.
-David
More information about the fedora-legacy-list
mailing list