Joel Rees wrote:
Want to ping the list on this (copied by hand because I yummed from a
virtual console instead of X11):
-----------------------
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID
4f2a6fd2
Public key for evolution-data-server-1.6.2-1.fc5.1.i386.rpm is not
installed
Retrieving GPG key from file :///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
Importing GPG key 0x4F2A6FD2 "Fedora Project <fedora@xxxxxxxxxx>"
------------------------
I found the key and fingerprint at
http://fedora.redhat.com/About/security/
after some indirect searching and checked that the fingerprint and
random pieces of the encoded key match.
What's the issue here?
Well, I had to drag my Mac Mini over next to the AMD box so I could look
at the ID and the public key referenced and then look them up to check
that I was letting the installer add a valid key. No big deal really,
just thinking that perhaps that particular key should have already been
in yum's pre-imported keys.
The key wasn't already present in your rpm database (have you never
done "yum update" on this system before?)
Fresh install. evolution-data-server was something like 170th of 320
packages being updated in the first sweep. Missing a pre-imported key,
same-old same-old, and I'm sure that when I get my hands free to go look
it up on bugzilla, there'll already be a bug or two for it, just
wondering if it had caused any noise on this list yet. Besides, missing
keys are not something one should keep hush-hush.
, so yum imported the repo GPG key from the file already on your
system from the initial install (/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora)
as it is configured to do by the repo file
/etc/yum.repos.d/fedora-updates.repo. It then used the key to verify
that the downloaded evolution-data-server package was intact and
actually an official Fedora package.
Yeah. That's what it's supposed to do when the key is not present.
It just seems a little strange that RPM-GPG-KEY-fedora was missing from
yum's collection of pre-imported keys. (That and I was really tired at
five this morning when yum complained, so having to take the three
minutes to drag the Mini over felt a little bit like an inconvenience,
GOL. I've got to get some sleep tonight.)
Yum, or rather rpm, has no pre-imported keys at all. Every one of them
is installed as a resutt of some post-installation action, such as
running a "yum update". The keys are supplied out-of-the-box in the
fedora-release package, but they're not pre-imported into the rpm database.
It's possible that, for whatever reason, the evolution-data-server
package was the first one yum tried to check the GPG signature of when
you did the update, since all of the updates packages should be signed
by that key.
Paul.