F-9 and F-10 NetworkManager update issues

Josh Boyer jwboyer at gmail.com
Tue Mar 10 18:27:57 UTC 2009


Hi All,

Several of you have reported issues with the F-9 and F-10
NetworkManager updates that were pushed last night (March 9)
related to an incorrect GPG key.  The error output looked like:

Public key for NetworkManager-0.7.0.99-3.fc10.i386.rpm is not installed

However the key it was signed with was apparently the proper F9 or F10
GPG key.

This issue has been resolved for F-10 updates, and will be resolved for
F-9 updates relatively soon.  In an effort for full disclosure, I've
included a description of the events that caused this below.

Late last evening the NetworkManager update was submitted for a push to
fix an issue with the previous update that had caused somewhat of a
regression that seems to impact a large number of users.  Rel-Eng signed
the update with the proper key, and pushed it out via Bodhi.

At the same time, Rel-Eng was attempting to get the Fedora 11 Beta packages
signed with a newly generated f11-test key that is much larger in size (this
is related to the Stronger Hashes Feature that is coming with F11).  The use
of the larger GPG key requires some different arguments to be passed to rpm
for the signing phase, including using --digest-algo sha256.  The signing
script was being reworked to invoke rpm correctly for this Feature, as well
as still work for the current release's GPG keys.

When the F-10 and F-9 updates were signed, a stale copy of the signing
script was inadvertently used.  This contained the new F-11 invocation of
rpm with the proper GPG keys, resulting in a validly signed RPM but using
SHA256 as the hash type.  The F-9 and F-10 RPM versions could detect that
the updates had been signed, however due to lack of support for the larger
hash type they could not validate the key.  The error message reported by
RPM is somewhat confusing.

This morning the F-9 and F-10 updates were re-signed properly and the repos
were recreated.  This may take some time to filter to all the mirrors, so
please have patience.

We apologize for the inconvenience.

josh, for Fedora Rel-Eng
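
Added example, not part of the original announcement and not Fedora Rel-Eng's tooling: a pre-push check that reads the hash algorithm declared in an OpenPGP signature packet (RFC 4880 layout) and compares it with what the target release can verify, which is the mismatch described above. The function names, the LEGACY_SUPPORTED set and the sample packets are assumptions constructed for illustration.

```python
# Added example: OpenPGP (RFC 4880) signature packet -> hash algorithm name.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
# Assumption for illustration: hashes the older rpm can verify.
LEGACY_SUPPORTED = {"MD5", "SHA1"}

def packet_body(pkt):
    """Return (tag, body) of the first OpenPGP packet in pkt."""
    if len(pkt) < 2 or not pkt[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if pkt[0] & 0x40:                      # new-format header
        tag, l0 = pkt[0] & 0x3F, pkt[1]
        if l0 < 192:
            start, length = 2, l0
        elif l0 < 224:
            start, length = 3, ((l0 - 192) << 8) + pkt[2] + 192
        elif l0 == 255:
            start, length = 6, int.from_bytes(pkt[2:6], "big")
        else:
            raise ValueError("partial body length not handled")
    else:                                  # old-format header
        tag, ltype = (pkt[0] >> 2) & 0x0F, pkt[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        start = 1 + (1 << ltype)
        length = int.from_bytes(pkt[1:start], "big")
    body = pkt[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def signature_hash_algo(pkt):
    """Name of the hash algorithm a v3 or v4 signature packet declares."""
    tag, body = packet_body(pkt)
    offset = {3: 16, 4: 3}.get(body[0]) if body else None
    if tag != 2 or offset is None or len(body) <= offset:
        raise ValueError("not a v3/v4 signature packet")
    return HASH_NAMES.get(body[offset], "unknown(%d)" % body[offset])

def check_for_release(pkt, supported=LEGACY_SUPPORTED):
    """Return (hash name, True if the target release can verify it)."""
    name = signature_hash_algo(pkt)
    return name, name in supported

# Constructed sample packets (no real key ID or signature value).
V3_SHA1 = bytes([0x88, 19, 3, 5, 0]) + bytes(4) + bytes(8) + bytes([17, 2, 0, 0])
V4_SHA256 = bytes([0xC2, 10, 4, 0, 1, 8, 0, 0, 0, 0, 0, 0])

if __name__ == "__main__":
    for label, pkt in (("v3", V3_SHA1), ("v4", V4_SHA256)):
        print(label, check_for_release(pkt))
```

Running a check like this against the signature packet of each signed package, with the supported set matched to the target release, would flag a SHA256 signature before it reaches an F-9 or F-10 repository.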

