[Yum-devel] .gpgkeyschecked.yum file and horrible problems

Matthew Miller mattdm at mattdm.org
Thu Aug 14 18:27:26 UTC 2008


So, I'm updating BU Linux 5 (CentOS5 based) to use yum 3.2.18, and
discovered a perplexing problem: On a newly-installed system with no rpm gpg
keys imported, rather than offering to import the gpgkey defined in the repo
file, it tells me that I ought to define one there (or else run rpm --import
manually on a filename which does not exist -- a confusing error message if
I didn't know better).

In playing around, I discovered that if I import a gpg key, run yum, and
then remove the key with rpm -e, yum works just fine -- it asks to import
the key as it ought.

So, clearly, yum's saving some sort of state (in an unhelpful way). A little
investigation turns up /var/cache/yum/.gpgkeyschecked.yum -- touching that
file removes the problem.

So, I went to yum/__init__.py and patched the gpgKeyCheck function to always
return 1 (as if the .gpgkeyschecked.yum file is always there) and everything
seems great.

So, uh, first of all: Buh? What? There seem to be two code paths for
checking if there are gpg keys, the working one which imports the keys, and
this function which is all, like, broke and stuff.

Second, assuming that gets fixed, the message telling people to run "rpm
--import public.gpg.key" needs to be changed, because running that command
will cause people to report this error:

  error: public.gpg.key: import read failed(-1).

which helps no one.


-- 
Matthew Miller           mattdm at mattdm.org          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>
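
The three situations described in the message above, replayed against a small model of a marker-file short circuit. This is an added example, not part of the original post and not yum's source. The marker file name comes from the message; `ModelHost`, the key names, and the assumption that the marker is written the first time a key is seen in the rpmdb are illustrative.

```python
import os
import tempfile

MARKER = ".gpgkeyschecked.yum"   # file name taken from the message
REPO_KEY = "REPO-KEY"            # constructed name for the repo's gpgkey


class ModelHost:
    """Constructed stand-in for a host: a yum cache dir plus imported rpm keys."""

    def __init__(self, cachedir):
        self.marker = os.path.join(cachedir, MARKER)
        self.rpmdb_keys = set()   # stands in for the keys rpm has imported

    def gpg_key_check(self):
        # Assumed logic: an existing marker short-circuits the rpmdb lookup.
        if os.path.exists(self.marker):
            return 1
        if not self.rpmdb_keys:
            return 0
        open(self.marker, "w").close()   # cache "keys were present once"
        return 1

    def run_yum(self):
        # Path 1: the pre-check that refuses when it believes no keys exist.
        if self.gpg_key_check() == 0:
            return "refuse"
        # Path 2: the per-package check that offers the repo's key.
        return "verified" if REPO_KEY in self.rpmdb_keys else "offer-import"


def scenarios():
    """Replay the three situations from the message; return each outcome."""
    out = {}
    with tempfile.TemporaryDirectory() as d:      # newly installed, no keys
        out["fresh"] = ModelHost(d).run_yum()
    with tempfile.TemporaryDirectory() as d:      # import a key, run, rpm -e
        host = ModelHost(d)
        host.rpmdb_keys.add("SOME-KEY")
        host.run_yum()
        host.rpmdb_keys.clear()
        out["import_run_remove"] = host.run_yum()
    with tempfile.TemporaryDirectory() as d:      # touch the marker by hand
        host = ModelHost(d)
        open(host.marker, "w").close()
        out["touched"] = host.run_yum()
    return out
```

In this model the marker records only that a key existed at some earlier point, so once it is present the pre-check result no longer tracks the current contents of the rpmdb.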


