[Yum-devel] .gpgkeyschecked.yum file and horrible problems

[Seth Vidal]

On Thu, 2008-08-14 at 14:55 -0400, Matthew Miller wrote:
> On Thu, Aug 14, 2008 at 02:26:24PM -0400, Seth Vidal wrote:
> > We're importing the keys to another location now, in addition to the rpm
> > database. I must have messed up something on the import check.
> > Can you recreate this consistently? 
> 
> Yep. And trivially. Put the system in a fresh state with "rpm -e
> --allmatches gpg-pubkey; rm /var/cache/yum/.gpgkeyschecked.yum" and it gives
> the error message every time.
> 
> Touch /var/cache/yum/.gpgkeyschecked.yum and then on next run it offers to
> import the key defined in the repo file.
> 
> This happens on both BU Linux and on Fedora Rawhide, so I know it's not just
> my weird setup.
> 
> I can't test very well because of packages in rawhide not being actually
> signed, but it appears to me that if I touch
> /var/cache/yum/.gpgkeyschecked.yum manually, I'm not getting keys copied to
> any other location -- that would be /var/cache/yum/[repo]/gpgdir, right?
> 
> Since doing that as a workaround (well, actually, short-circuiting the
> function) seems to work fine, is there any downside? (Are keys still checked
> in the old way if the copied files are missing? How does it handle multiple
> repos with only one flag file?)
> 
> I appreciate the quick response, by the way.

Found the problem - we added a check so we could have a separate
repo.repo_gpgcheck option in the repo config. But the or'ing of that vs
repo.gpgcheck needed to be in parens to make the logic of the if
statement dtrt. It's just been checked in and it does work now.

thanks for the clear case on it.

-sv