Bug 130579

Summary: YOU Online update :: failures in rpm signatures
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Federico Lucifredi <flucifredi>
Component: YOUAssignee: Jiri Srain <jsrain>
Status: RESOLVED FIXED QA Contact: Federico Lucifredi <flucifredi>
Severity: Normal    
Priority: P5 - None    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 130581    
Attachments: /var/logs/YAST2
contents of /var/adm/YAST/prodb

Description Federico Lucifredi 2005-10-25 18:54:07 UTC 
as previously seen on suse 9.3, the suse 10 installer fails to install the YOU patches it downloads, with an "rpm signature" issue.

there are known workarounds for this. Why does it keep happening, tho ? on 9.3, it seemed to occur only on some machines, which is odd given that missing keys were the reason. on 10, I have run one installation so far, so I cannot tell.
Comment 1 Michael Radziej 2005-10-26 10:26:14 UTC 
Can you please attach the /var/log/YaST2 directory (as a tar file)?
Please take a look at http://www.opensuse.org/Bug_Reporting_FAQ#YaST
if you have any questions about this.

Please add /var/adm/YaST/ProdDB, too.
Comment 2 Federico Lucifredi 2005-10-26 19:01:58 UTC 
additional info: this was installed via a PXE setup which exposes the suse 10 commercial DVD ISO.

The ISO is unmodified from what is sold in stores.
Comment 3 Federico Lucifredi 2005-10-26 19:08:09 UTC 
Created attachment 55617 [details]
/var/logs/YAST2

as requested.
Comment 4 Federico Lucifredi 2005-10-26 19:09:34 UTC 
Created attachment 55618 [details]
contents of /var/adm/YAST/prodb

no other files in prodb.
Comment 5 Michael Radziej 2005-10-26 20:29:08 UTC 
Roman, just for your info, from the logs:

2005-10-24 18:08:24 suse-build-key-1.0-668.noarch.rpm installed ok
Additional rpm output:
importing SuSE build key to rpm keyring... gpg: no ultimately trusted keys found
done.
Comment 6 Roman Drahtmueller 2005-10-26 22:24:54 UTC 
Very funny... This way of dealing with signatures sucks hamsters through straws. With rpm-3.x, it was half-way sane, but this breaks all records. I must hand this over to mls - Michael, I haven't even been able to remove a key that has been imported multiple times:

# rpm -e gpg-pubkey-3d25d3d9-3f9e80c*
error: "gpg-pubkey-3d25d3d9-3f9e80c*" specifies multiple packages
# 

Michael, are you aware about the key import mechanism in 10.0? It is not in suse-build-key's %post. Actually, the whole fiddling around in there has nothing to do with the rpm keyring in its database.

Ah, concerning comment #5: That error message is from the %post of the suse-build-key package. See above, it has nothing to do with the lack of the key in the RPM database.

Roman.
Comment 7 Michael Schröder 2005-10-26 22:40:05 UTC 
YaST installs the keys into rpms database. That's why there are those
gpg-pubkey-* files on the installation source, YaST checks if they are already in the database and imports them if this is not the case. I'll hand over to Michael Andres who wrote the code in question.
Regarding the removal of keys that were imported multiple times: it works the same as with packages: just use the '--allmatches' option, like documented in the fine man page ;-)
Comment 8 Michael Andres 2005-10-27 10:32:29 UTC 
Jiri, could you please check the setup of /yast-install//suse-10-x86/DVD1
(2005-10-24 17:54:53 in the logfile).

To me it looks like Packages.ycp does not copy the gpg-pubkeys from the source. I found code handling the gpg-pubkeys in SourceManager.ycp(HandleMultipleSources), but don't see where it gets called.

If the keys are not present, the packagemanager can't handle them.
Comment 10 Jiri Srain 2005-10-31 11:56:57 UTC 
I updated the code for 10.1 so that the key import function gets called. Hopefully it works now. Please, test with next Alpha of 10.1 and reopen if problem still occurres.