missing keys on yum update -- evolution-data-server

Joel Rees joel_rees at sannet.ne.jp
Mon Jun 12 11:11:50 UTC 2006 

>> Want to ping the list on this (copied by hand because I yummed  
>> from a virtual console instead of X11):
>> -----------------------
>> warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID  
>> 4f2a6fd2
>> Public key for evolution-data-server-1.6.2-1.fc5.1.i386.rpm is not  
>> installed
>> Retrieving GPG key from file :///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
>> Importing GPG key 0x4F2A6FD2 "Fedora Project <fedora at redhat.com>"
>> ------------------------
>> I found the key and fingerprint at
>>     http://fedora.redhat.com/About/security/
>> after some indirect searching and checked that the fingerprint and  
>> random pieces of the encoded key match.
>
> What's the issue here?

Well, I had to drag my Mac Mini over next to the AMD box so I could  
look at the ID and the public key referenced and then look them up to  
check that I was letting the installer add a valid key. No big deal  
really, just thinking that perhaps that particular key should have  
already been in yum's pre-imported keys.

> The key wasn't already present in your rpm database (have you never  
> done "yum update" on this system before?)

Fresh install. evolution-data-server was something like 170th of 320  
packages being updated in the first sweep. Missing a pre-imported  
key, same-old same-old, and I'm sure that when I get my hands free to  
go look it up on bugzilla, there'll already be a bug or two for it,  
just wondering if it had caused any noise on this list yet. Besides,  
missing keys are not something one should keep hush-hush.

> , so yum imported the repo GPG key from the file already on your  
> system from the initial install (/etc/pki/rpm-gpg/RPM-GPG-KEY- 
> fedora) as it is configured to do by the repo file /etc/yum.repos.d/ 
> fedora-updates.repo. It then used the key to verify that the  
> downloaded evolution-data-server package was intact and actually an  
> official Fedora package.

Yeah. That's what it's supposed to do when the key is not present.

It just seems a little strange that RPM-GPG-KEY-fedora was missing  
from yum's collection of pre-imported keys. (That and I was really  
tired at five this morning when yum complained, so having to take the  
three minutes to drag the Mini over felt a little bit like an  
inconvenience, GOL. I've got to get some sleep tonight.)

More information about the fedora-list mailing list