/etc/RPM-GPG-KEYS are not Mageia's

[ Please reassign to proper component / rpm if not okay ]

* This concerns an install on a formatted disk, not an upgrade.

ls -al /etc/RPM-GPG-KEYS

-rw-r--r-- 1 root root 8080 Aug 23 2003 22458a98.asc # Mandriva Security
-rw-r--r-- 1 root root 1430 Aug 23 2003 70771ff3.asc # Mandriva Linux
-rw-r--r-- 1 root root 1462 Aug 23 2003 9b4a4024.asc # MandrakeSoft

$ gpg --list-keys mageia
pub 4096R/80420F66 2011-02-07 [expires: 2012-03-13]
uid Mageia Packages <email address hidden>

pub 4096R/DA10B483 2011-03-08 [expires: 2012-04-11]
uid Mageia Release <email address hidden>

pub 4096R/41BCD9E7 2011-04-18 [expires: 2012-05-22]
uid Mageia Software <email address hidden>

$ rpm -qa |grep pubk
gpg-pubkey-80420f66-4d4fe123

in the gnupg rpm this is in SOURCES/mdk-keys.tar.bz2 which should be changed.

The following snippet should do the trick to regenerate the keys :

 for i in 41BCD9E7 DA10B483 80420F66; do gpg --recv $i ; gpg -a -o $i.asc --export $i ;done;

I guess this warrant a update

On the other hand, do we need to keep the directory ?

What is it used for, with current rpm ?

In my idea Michael's snippet may not do the trick: last time I tried a gnupg key with exteral signatures did not import into rpm. After all, rpm may not even use the said keys from /etc, but IMHO they are supposed to be rpm-workable keys.

Gnupg can strip everything external, or surely at Mageia there is a clean set of keys saved somewhere.

But my attempts at importing keys into rpm date from 6 to 8 years ago, so what I say may no longer be true.

If one want's to clean the key with gnupg: gpg --edit-key <keyid> followed by minimize, quit and --export...

sorry, i need to give a keyserver, which one can i give ?

gpg: no keyserver known (use option --keyserver)
gpg: keyserver receive failed: bad URI

Normally in ~/.gnupg/gpg.conf, but this should always work:
--keyserver hkp://pgp.mit.edu:11371

The 'pubkey' file - if need be with added extension '.asc' - in the media_info directory of each repository is equal in content to the clean rpm-gpg-keys.

e.g. mv pubkey pubkey.asc
gpg --import pubkey.asc

and observe stdout !

Bug assigned to the package maintainer.

@boklm @dmorgan:

Kindly review. IMHO this should be a release blocker for Mga2.

Thanks!

tracked at https://bugs.launchpad.net/rpm/+bug/913222

Hi,

This bug was filed against cauldron, but we do not have cauldron at the moment.

Please report whether this bug is still valid for Mageia 2.

Thanks :)

Cheers,
marja

Still valid for 2 and Cauldron.

 .

Still valid for beta3.

Isn't is about time this was solved? It looks really bad on Mageia if we cannot fix this before final release !

Valid for 3RC. Almost 2 years old

Valid for prerelease isos of Mageia 3 final

Package updated in svn to remove /etc/RPM-GPG-KEYS.

And submitted to Mageia 3 by ennael.

Nicolas: thanks for the fix. But for good order's sake: did you ascertain that the absence of the directory has no negative effects for anything like rpm building or other?

I couldn't find anything using that directory. And since the directory had wrong keys since the begining of Mageia, we should have noticed if it broke something important.

'like the way u think.