PDA

View Full Version : Update and newkey



cornelius785
28th October 2008, 03:30 AM
Initially, I updated to the new key and repos and everything appeared to go fine. After a while I became suspicious from the lack of any updates. I checked which repos I have enabled and the gpg key. I have the update-newkey repo enabled, but still have the old key. I followed the instructions for importing the new key (download a file and run 'gpg --import'), but it doesn't appear to change. When I try to import what I think is the new key, it says "gpg: key 4F2A6FD2: "Fedora Project <fedora@redhat.com>" not changed" and running "gpg --fingerprint fedora@redhat.com" confirms this

Am I downloading the correct file? Do I need to remove any keys, if so, how do I do that? I'm just a little lost on what to try next and hesitant to try stuff that could make a bigger problem.

Seve
28th October 2008, 03:47 AM
Hello:
If you read and followed the instructions below you should be good to go.
https://fedoraproject.org/wiki/New_signing_key
https://fedoraproject.org/wiki/Enabling_new_signing_key
Is there something in particular that makes you feel things are not right?

Seve

stoat
28th October 2008, 04:13 AM
After a while I became suspicious from the lack of any updates.Hello cornelius785 and Seve,

You know, sometimes (especially lately) people who have noticed no package updates for a while have the yum-protectbase plugin installed. Maybe you should check that out. What yum plugins do you have installed? Search here with yum+updates+protectbase, and you will see what I mean and what to do about it.




Do I need to remove any keys, if so, how do I do that?I don't think you need to remove any keys unless you just want to do that. Having an obsolete key shouldn't harm anything or cause what you are seeing (no updates for a while). But anyway, you remove a key from the rpm database with rpm just like removing a package...
rpm -e gpg-pubkey-xxxxxxxxIf you have accidentally imported a key mulitple times and it causes trouble when trying to remove them (and it will), use an option for that like this...
rpm -e --allmatches gpg-pubkey-xxxxxxxxYou can list the keys that have been imported into the rpm database also just like querying packages...
rpm -qa gpg-pubkey

P.S.: Just FYI, the actual key files themselves are stored in /etc/pki/rpm-gpg, and from there they are imported into the rpm database. Removing a key from the rpm database doesn't delete the key itself from /etc/pki/rpm-gpg (and vice versa). It does no harm for the key to sit there after having been removed from the database, but it can be deleted like any other file. I used to like keeping all of that real tidy (delete obsoletes, duplicates, etc.). But after this recent key thing, that folder is flooded with new keys and even more symbolic links. Now I pretty much stay out of there.