[Yum-devel] .gpgkeyschecked.yum file and horrible problems

Seth Vidal skvidal at fedoraproject.org
Thu Aug 14 18:26:24 UTC 2008


On Thu, 2008-08-14 at 14:27 -0400, Matthew Miller wrote:
> So, I'm updating BU Linux 5 (CentOS5 based) to use yum 3.2.18, and
> discovered a perplexing problem: On a newly-installed system with no rpm gpg
> keys imported, rather than offering to import the gpgkey defined in the repo
> file, it tells me that I ought to define one there (or else run rpm --import
> manually on a filename which does not exist -- a confusing error message if
> I didn't know better).
> 
> In playing around, I discovered that if I import a gpg key, run yum, and
> then remove the key with rpm -e, yum works just fine -- it asks to import
> the key as it ought.
> 
> So, clearly, yum's saving some sort of state (in an unhelpful way). A little
> investigation turns up /var/cache/yum/.gpgkeyschecked.yum -- touching that
> file removes the problem.
> 
> So, I went to yum/__init__.py and patched the gpgKeyCheck function to always
> return 1 (as if the .gpgkeyschecked.yum file is always there) and everything
> seems great.
> 
> So, uh, first of all: Buh? What? There seem to be two code paths for
> checking if there are gpg keys, the working one which imports the keys, and
> this function which is all, like, broke and stuff.
> 
> Second, assuming that gets fixed, the message telling people to run "rpm
> --import public.gpg.key" needs to be changed, because running that command
> will cause people to report this error:
> 
>   error: public.gpg.key: import read failed(-1).
> 
> which helps no one.

We're importing the keys to another location now, in addition to the rpm
database. I must have messed up something on the import check.

Can you recreate this consistently? 

-sv
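
Seth's question is whether the behaviour reproduces, and the report turns on three inputs: the marker file, the keys in the rpm database, and the `gpgkey` set in the repo file. The script below is an added example, not part of the original messages and not yum code, that records all three so a reproduction can be compared run to run. The function names, the state labels and the `--live` switch are assumptions of this example, as is reading repo files from `/etc/yum.repos.d`.

```shell
#!/bin/sh
# Added example: snapshot the state discussed in this thread. Not yum code.

# Classify marker file + rpmdb key count into the cases described in the post.
# $1 = marker path, $2 = number of gpg-pubkey entries in the rpm database
gpg_state() {
    if [ "$2" -gt 0 ]; then
        echo "keys-in-rpmdb"
    elif [ -e "$1" ]; then
        echo "marker-only"        # reported: yum offers to import the key
    else
        echo "no-keys-no-marker"  # reported: yum prints the "rpm --import" hint
    fi
}

# Print "repoid gpgcheck gpgkey" for every section of the given .repo files.
# A missing setting is shown as "-". Only the first gpgkey line is read.
repo_gpgkeys() {
    awk '
        function val(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]+$/, "", s); return s }
        function emit() { if (id != "") print id, (chk == "" ? "-" : chk), (key == "" ? "-" : key) }
        /^[ \t]*\[/ { emit(); id = $0; gsub(/^[ \t]*\[|\].*$/, "", id); chk = key = ""; next }
        /^[ \t]*gpgcheck[ \t]*=/ { chk = val($0) }
        /^[ \t]*gpgkey[ \t]*=/   { key = val($0) }
        END { emit() }
    ' "$@"
}

# Count imported keys; prints 0 if none are imported or rpm is unavailable.
rpmdb_key_count() {
    rpm -q gpg-pubkey 2>/dev/null | grep -c '^gpg-pubkey-' || true
}

# Report on the running system. Marker path is the one named in the post.
live_report() {
    marker=${1:-/var/cache/yum/.gpgkeyschecked.yum}
    echo "state: $(gpg_state "$marker" "$(rpmdb_key_count)")"
    repo_gpgkeys /etc/yum.repos.d/*.repo
}

if [ "${1:-}" = "--live" ]; then
    live_report
fi
```

Run it with `--live` before and after each step of the reproduction (key import, yum run, `rpm -e` of the key) and attach the output to the report.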




