[Yum] warning: rpmts_HdrFromFdno: V3 DSA signature: NOKEY, key ID 66534c2b

Robert G. Brown rgb at phy.duke.edu
Wed Dec 15 19:00:17 UTC 2004


On Wed, 15 Dec 2004, Cormac J. Gebruers wrote:

> 
> Yum has been running happily for an age on FC2 (kernel 2.6.9-1.6_FC2). 
> Last week I did my usual "yum update" and it failed (output below). I've 
> done a "yum clean all" but still can't do an update today.

It looks like you're missing a GPG public key for the listed packages,
from the looks of things.  This could happen for one of a couple of
reasons:

  a) The source/mirror from which you get the packages changed keypairs
without your knowing it;

  b) Somebody managed to slip some trojanned rpm's into your
update/mirror stream.

In the first case the solution is simple.  Determine the appropriate
public gpg keys for the packages (from their ORIGINAL repository,
usually -- note that there are a set of keys in the FC2 toplevel
directory you probably installed from) and running e.g.:

  rpm --import new.key

You can verify this easily enough, BTW.  Try running rpm -Uvh
/var/cache/yum/whatever/*.rpm on one of the rpm's and see if the problem
isn't pre-yum with the rpm db itself.

The second case is what gpgcheck=1 in your /etc/yum.conf if designed to
catch -- somebody slipping trojanned packages into your update stream
without your knowledge.  However, if and only if you are certain that
the packages are "good" packages and you CANNOT find the correct public
key (a suspicious pair of circumstances all by itself) you can always
turn gpgchecking off.  Obviously this is a generically Really Bad Idea
for production systems, but it might be reasonable to do while playing
around with a particular box you are prototyping on until you get all
the keys straightened out.

Oh, one other thing you can always do is rebuild the rpm's from source
(rpms) locally, signing or not as you please.  That way you have the
sources and can check them or trust them as your degree of paranoia
dictates.

   rgb

> 
> Suggestions please?
> 
> Regards
> Cormac
> 
> Yum error output:
> 
> warning: rpmts_HdrFromFdno: V3 DSA signature: NOKEY, key ID 66534c2b
> public key not available for 
> //var/cache/yum/at-stable/packages/popt-1.9.1-21_35.rhfc2.at.i386.rpm
> public key not available for 
> //var/cache/yum/at-stable/packages/opensp-1.5.1-9.i386.rpm
> public key not available for 
> //var/cache/yum/at-stable/packages/libosp4-1.5.1-9.i386.rpm
> public key not available for 
> //var/cache/yum/at-stable/packages/lm_sensors-2.8.8-36.rhfc2.at.i386.rpm
> public key not available for 
> //var/cache/yum/at-stable/packages/rpm-devel-4.3.2-21_35.rhfc2.at.i386.rpm
> public key not available for 
> //var/cache/yum/at-stable/packages/librpm4.3-4.3.2-21_35.rhfc2.at.i386.rpm
> public key not available for 
> //var/cache/yum/at-stable/packages/lftp-3.0.12-19.rhfc2.at.i386.rpm
> public key not available for 
> //var/cache/yum/at-stable/packages/rpm-4.3.2-21_35.rhfc2.at.i386.rpm
> public key not available for 
> //var/cache/yum/at-stable/packages/rpm-python-4.3.2-21_35.rhfc2.at.i386.rpm
> 
> _______________________________________________
> Yum mailing list
> Yum at lists.dulug.duke.edu
> https://lists.dulug.duke.edu/mailman/listinfo/yum
> 

-- 
Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu





More information about the Yum mailing list