Comment # 4 on bug 1036659 from 
This will need some more investigation, and I need to get the build key
(0D210A40).

Authority for the trusted gpg keys is the rpm database, so the zypp trusted
keyring must be in sync with the keys stored in the rpm database (the
gpg-pubkey pseudo packages).

> [zypp] RpmDb.cc(syncTrustedKeys):966 Going to sync trusted keys...
> [zypp++] RpmDb.cc(computeKeyRingSync):946 gpg-pubkey-0d210a40-581257c6 R_
>                                                      ^^^^^^^^^^^^^^^^^
> [zypp++] RpmDb.cc(computeKeyRingSync):946 gpg-pubkey-307e3d54-4be01a65 R_
> [zypp++] RpmDb.cc(computeKeyRingSync):946 gpg-pubkey-3dbdc284-53674dd4 R_
> [zypp] RpmDb.cc(syncTrustedKeys):970 Rpm keys to export into zypp trusted keyring: 3
> [zypp] RpmDb.cc(syncTrustedKeys):971 Zypp trusted keys to import into rpm database: 0
> [zypp] RpmDb.cc(syncTrustedKeys):977 Exporting rpm keyring into zypp trusted keyring

The initial sync finds key 0d210a40 (creation time -581257c6) int the rpm
database. After import into the gpg keyring, the creation time changed to
'-581257c7':

> Found keys: {
>    [20F8C4F40D210A40-581257c7] [KDE:Extra OBS Project <KDE:Extra@build.opensuse.org>]
>                            ^^
>    [B88B2FD43DBDC284-53674dd4] [openSUSE Project Signing Key <opensuse@opensuse.org>]
>    [E3A5C360307E3D54-4be01a65] [SuSE Package Signing Key <build@suse.de>]
> }

It almost looks like the key in PKs trusted zypp keyring (from a previous sync)
is 1 second newer than the one now in the rpm database. This is where the
trouble starts. 

> [zypp++] RpmDb.cc(updateIf):909 Old key in Z: gpg-pubkey-0d210a40-581257c6
> [zypp++] RpmDb.cc(computeKeyRingSync):946 gpg-pubkey-0d210a40-581257c7 _Z
>                                             in Zypp but not in Rpm: ^^ ^^
> [zypp++] RpmDb.cc(computeKeyRingSync):946 gpg-pubkey-307e3d54-4be01a65 RZ
> [zypp++] RpmDb.cc(computeKeyRingSync):946 gpg-pubkey-3dbdc284-53674dd4 RZ

PKs attempt to remove ....c7 from the keyring is correct.
But it also leads to removal of the older ....c6 in the rpm database, which is
a zypp issue (no matter if the 1 second difference is real (2 keys) or due to
rpm/zypp/gpg compute the creation time differently).


Anyway, these key handling details are nothing PK should care about. I'll add
some method to target->rpmDb(), which will load the rpmdb trusted keys in
manner sufficient for this usecase. Then you will just have to call this
methods and the details go into libzypp.

You are receiving this mail because: