Bugzilla – Bug 130579
YOU Online update :: failures in rpm signatures
Last modified: 2005-11-22 17:57:35 UTC
as previously seen on suse 9.3, the suse 10 installer fails to install the YOU patches it downloads, with an "rpm signature" issue. there are known workarounds for this. Why does it keep happening, tho ? on 9.3, it seemed to occur only on some machines, which is odd given that missing keys were the reason. on 10, I have run one installation so far, so I cannot tell.
Can you please attach the /var/log/YaST2 directory (as a tar file)? Please take a look at http://www.opensuse.org/Bug_Reporting_FAQ#YaST if you have any questions about this. Please add /var/adm/YaST/ProdDB, too.
additional info: this was installed via a PXE setup which exposes the suse 10 commercial DVD ISO. The ISO is unmodified from what is sold in stores.
Created attachment 55617 [details] /var/logs/YAST2 as requested.
Created attachment 55618 [details] contents of /var/adm/YAST/prodb no other files in prodb.
Roman, just for your info, from the logs: 2005-10-24 18:08:24 suse-build-key-1.0-668.noarch.rpm installed ok Additional rpm output: importing SuSE build key to rpm keyring... gpg: no ultimately trusted keys found done.
Very funny... This way of dealing with signatures sucks hamsters through straws. With rpm-3.x, it was half-way sane, but this breaks all records. I must hand this over to mls - Michael, I haven't even been able to remove a key that has been imported multiple times: # rpm -e gpg-pubkey-3d25d3d9-3f9e80c* error: "gpg-pubkey-3d25d3d9-3f9e80c*" specifies multiple packages # Michael, are you aware about the key import mechanism in 10.0? It is not in suse-build-key's %post. Actually, the whole fiddling around in there has nothing to do with the rpm keyring in its database. Ah, concerning comment #5: That error message is from the %post of the suse-build-key package. See above, it has nothing to do with the lack of the key in the RPM database. Roman.
YaST installs the keys into rpms database. That's why there are those gpg-pubkey-* files on the installation source, YaST checks if they are already in the database and imports them if this is not the case. I'll hand over to Michael Andres who wrote the code in question. Regarding the removal of keys that were imported multiple times: it works the same as with packages: just use the '--allmatches' option, like documented in the fine man page ;-)
Jiri, could you please check the setup of /yast-install//suse-10-x86/DVD1 (2005-10-24 17:54:53 in the logfile). To me it looks like Packages.ycp does not copy the gpg-pubkeys from the source. I found code handling the gpg-pubkeys in SourceManager.ycp(HandleMultipleSources), but don't see where it gets called. If the keys are not present, the packagemanager can't handle them.
I updated the code for 10.1 so that the key import function gets called. Hopefully it works now. Please, test with next Alpha of 10.1 and reopen if problem still occurres.