all I wanted was to update the kernel, not a crypto lesson ...

Nelson Strother xunilarodef at gmail.com
Thu Oct 4 07:53:09 UTC 2007 

  Jesse, I appreciate the informative response.  Yes, I would think
this information should be much more accessible, Maybe preserved in:

  http://docs.fedoraproject.org/yum/en/sn-using-repositories.html

On 10/3/07, Jesse Keating <jkeating at redhat.com> wrote:
> The two keys used right now are
>
> pub   1024D/4F2A6FD2 2003-10-27
> uid                  Fedora Project <fedora at redhat.com>
>
> Used for final releases and updates.
>
> pub   1024D/30C9ECF8 2003-10-27
> uid                  Fedora Project (Test Software) <rawhide at redhat.com>
>
> Used for Test releases and updates-testing.

  Interesting, as on the system where the check SUCCEEDS it reports
merely:

[root at localhost ~]# rpm -qa gpg-pubkey*
gpg-pubkey-4f2a6fd2-3f9d9d3b
[root at localhost ~]#

which does NOT include the "rawhide" key?  On the system which fails
the check, after importing and enabling only from fedora mirrors, I
find:

[root at localhost ~]# rpm -qa gpg-pubkey*
gpg-pubkey-4f2a6fd2-3f9d9d3b
gpg-pubkey-1cddbca9-3f9da14c
gpg-pubkey-e418e3aa-3f439953
[root at localhost ~]#

Does anyone recognize these other two keys?

> Both of which are installed on the system, however not imported into
> the rpmdb.

  Given that I tried both:

[root at localhost ~]# rpm --import
http://ftp.linux.ncsu.edu/pub/fedora/linux/development/i386/os/RPM-GPG-KEY-fedora-rawhide
[root at localhost ~]# rpm --import
http://ftp.linux.ncsu.edu/pub/fedora/linux/development/i386/os/RPM-GPG-KEY-rawhide
[root at localhost ~]#

on the system that failed to validate, without the desired effect,
some of the puzzle remains.  Does Pirut cache the imported keys when
it starts, and fail to notice any keys that have been imported by the
time one selects the "Apply updates" command button yet again?  Does
anyone have the time to read the source / experiment / Bugzilla this?

  One insight that I hope will not be used counter-productively, is
that the system where the check succeeds was installed from the f7
LiveCD.  The system where the check fails was installed from the f7
DVD.  While I still have not been shown which files or imported keys
account for its success, this user prefers the GPG-key capabilities
supplied by the system installed from the LiveCD.  Will this advantage
remain with these media of the f8 vintage?

  This may be something to record in:

  http://fedoraproject.org/wiki/F7ReleaseSummary

(in the vicinity of the item about NetworkManager being a default
application only on the LiveCD system) if we can only deduce what the
crucial difference with GPG keys is.

Cheers,
Nelson

p.s. Yes, in my hurry I burdened us with an imprecise Subject line,
which could have been more accurate as:
  all I wanted was to install an additional kernel, not a crypto lesson
Apologies for sloppily implying one could update a kernel.

More information about the fedora-test-list mailing list