On Wed, Jun 15, 2005 at 08:52:19AM +0100, Paul Howarth wrote:
> From: Paul Howarth <paul@xxxxxxxxxxxx>
> To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
> Date: Wed, 15 Jun 2005 08:52:19 +0100
> Subject: Re: FC4 fresh install up2date finds unsigned packages
> Reply-To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
>
> On Wed, 2005-06-15 at 00:36 -0700, Nifty Hat Mitch wrote:
> > After a FC4 clean load.
> > up2date found packages that were unsigned.
> > arpwatch
> > elinks
> > gaim
> > gamin
> > gedit
> > libcap
> > mikmod
> > tcpdump
> > ...
> >
> > Is this expected?
>
> Looks like these are the packages in the updates-released repo. I expect
> they're actually signed but not using a key that's imported into your
> RPM database. Yum would do this automatically based on info in the
> fedora-updates.repo file, but perhaps up2date doesn't?
>
> Try this:
> # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
>
> See if that improves matters.
Yes yum did the expected and prompted to import the keys
that you indicated above.
I was prompted for a key update with up2date but some{how,way}
the right keys did not get imported with up2date/firstboot.
I have yet to compare the rpms downloaded by both to see
if they are exact matches....
Anyhow 'yum update' sorts this out.
Thanks,
mitch
--
T o m M i t c h e l l
Found me a new place to hang my hat :-)
Found me a cable too.
