all I wanted was to update the kernel, not a crypto lesson ...
Nelson Strother
xunilarodef at gmail.com
Wed Oct 3 12:25:14 UTC 2007
On 9/29/07, Build System <buildsys at redhat.com> wrote:
> kernel-2.6.23-0.214.rc8.git2.fc8
I hope one of you can help me save some time. As suggested by a
kernel bug triager, I would like to install
kernel-2.6.23-0.214.rc8.git2.fc8.i686.rpm
from the development repo on a Fedora7 system.
The first attempt used yum, which ended with:
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, Key ID 30c9ecf8
Pulic key for kernel-2.6.23-0.214.rc8.git2.fc8.i686.rpm is not installed
#
Kernel updates have previously succeeded (via Pirut, aka Package Manager)
on this system, so I tried that tool with the result:
Unable to verify kernel-2.6.23-0.214.rc8.git2.fc8.i686.rpm
Public key for kernel-2.6.23-0.214.rc8.git2.fc8.i686.rpm is not installed
While the keys appear normal on this system, let's see if the problem
lies with the system configuration or this package:
# rpm --checksig kernel-2.6.23-0.214.rc8.git2.fc8
kernel-2.6.23-0.214.rc8.git2.fc8.i686.rpm: (SHA1) DSA sha1 md5 (GPG)
NOT OK (MISSING KEYS: GPG#30c9ecf8)
# rpm -vv --checksig kernel-2.6.23-0.214.rc8.git2.fc8
D: Expected size: 17235630 = lead(96)+sigs(344)+pad(0)+data(17235190)
D: Actual size: 17235630
D: opening db environment /var/lib/rpm/Packages joinenv
D: opening db index /var/lib/rpm/Packages rdonly mode=0x0
D: locked db index /var/lib/rpm/Packages
D: opening db index /var/lib/rpm/Pubkeys rdonly mode=0x0
kernel-2.6.23-0.214.rc8.git2.fc8.i686.rpm:
Header V3 DSA signature: NOKEY, key ID 30c9ecf8
Header SHA1 digest: OK (b566737ca514eb14e6e7a8b38ddd32f8a12ff85d)
MD5 digest: OK (d527f1188ec11a6f20645948cbfbe86b)
V3 DSA signature: NOKEY, key ID 30c9ecf8
D: closed db index /var/lib/rpm/Pubkeys
D: closed db index /var/lib/rpm/Packages
D: closed db environment /var/lib/rpm/Packages
D: May free Score board((nil))
#
I'm still puzzled, so I try these commands on another Fedora7 system
where kernel-2.6.23-0.214.rc8.git2.fc8 has been downloaded (but where
there is no motivation yet to actually install it):
# rpm --checksig kernel-2.6.23-0.214.rc8.git2.fc8
# rpm -vv --checksig kernel-2.6.23-0.214.rc8.git2.fc8
D: May free Score board((nil))
#
This would seem to confirm that the package is OK. But I remain
puzzled by the differences in verbose output from rpm. However,
both systems claim to be running the same version of rpm:
# rpm -q --whatprovides rpm
rpm-4.4.2.1-1.fc7
#
(On what I would think to be the infinitesimal chance that a package
could have been corrupted during download and still pass SHA1 and MD5
checks, I copied the package from the system where the check succeeds
to the system where the GPG check fails, with no change in the result
from --checksig. At least that much seems rational.)
Now, to compare keys, on the system where the check fails, I see:
# rpm -qa | grep -i gpg
gpgme-1.1.4-1.fc7
libgpg-error-1.4-2
gpg-pubkey-4f2a6fd2-3f9d9d3b
gpg-pubkey-1cddbca9-3f9da14c
gpg-pubkey-e418e3aa-3f439953
#
while on the system where the check succeeds, I see merely:
# rpm -qa | grep -i gpg
libgpg-error-1.4-2
gpg-pubkey-4f2a6fd2-3f9d9d3b
#
but the directory listings of /etc/pki/rpm-gpg/ on the two systems
appear identical.
Explanations and insights, please? (All I wanted to do was test a new
kernel!)
Cheers,
Nelson
More information about the fedora-test-list
mailing list