> Edward Wynn wrote: > > > > Hi, > > > > I am trying to use yum to update my FC1 system. > > > > I have followed the instructions present on the website, including > > upgrading yum, setting up the yum.conf file and importing the GPG > > key via rpm ?import. > > <<snip>> > > What am I missing ? what is wrong with GPG keys? > > <<snip>> By following those directions, you only imported the Fedora Legacy GPG key. Many or most packages are signed with the original Fedora Project key, which is likely what you need here. On Monday, November 8 2005, James Kosin wrote: > You must have a fresh install of FC1... Somewhere about a year or so > ago the fedora group had to install new GPG keys for the packages; > because their keys had expired about md-project with FC1. I had never heard anything about Fedora Project keys expiring. Where did you get this from, James? AFAIK, the Red Hat Fedora Project key has been the same, for all Fedora Core distros, since the beginning of the Fedora project with FC1. > It should be safe to get yum to ignore the GPG signature for the > moment to update your system... Then import the fedora-legacy keys. > Or maybe someone could resign all the packages with the fedora-legacy > key. Resigning all the packages with FL key wouldn't be practical. It's a good idea to use GPG signatures, not only from a security stand- point, but also from a data-corruption standpoint as well, as the signa- tures should detect both failures. On Tue, 8 Nov 2005, Edward Wynn wrote: > Thanks for the hint - any ideas on how to get yum to ignore the GPG > keys? I had considered doing that myself but can't find how to do it. > > Alternatively can't I just import the old keys from somewhere now? > Yes, you can. When I do an $ rpm -qi on pango, I get this line: Signature: DSA/SHA1, Tue 28 Oct 2003 06:19:41 PM CST, Key ID b44269d04f2a6fd2 The public key ID for Fedora Core is 'b44269d04f2a6fd2', or the last 8 characters of the key should do, '4f2a6fd2'. There are a number of ways one can go about getting the Fedora Core public key. 1) If you have the original CD-ROM's for FC1, on Disc 1 is the file 'RPM-GPG-KEY-fedora'. If you have that file, do: # rpm --import /mnt/cdrom/RPM-GPG-KEY-fedora 2) You can get the PGP key from Red Hat's Fedora website: # wget http://fedora.redhat.com/about/security/4F2A6FD2.txt # rpm --import 4F2A6FD2.txt 3) Or you can import the required key into your PGP database froma public keyserver using this command: # gpg --keyserver hkp://pgpkeys.mit.edu --recv-keys 4F2A6FD2 then export it from the PGP database to an ASCII-armored file: # gpg -a --export 4F2A6FD2 >/tmp/fedora-key.asc Once that is done, you can import that to RPM: # rpm --import /tmp/fedora-key.asc # rm /tmp/fedora-key.asc 4) Also see the 'GPG keys' page at the Fedora Project for other ways of getting the key and more info about it: <http://fedora.redhat.com/about/security/> Hope this helped. -David -- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list