'Bad' urpmi media key prevents upgrading from mga9 to mga10 due to more strict security policies. Besides that key used in mga9 is expiring 2025-12-31.
Depends on: (none) => 34918
mageia-release-9-2.1.mga9 in core/updates testing adds rpmdb-rebuild systemd service to upgrade urpmi media key. Updating is done automatic once during next reboot. rpmdb-rebuild service removes existing Mageia RPM signing key and imports a new one shipped with mageia-repos-9-4.1.mga9 updated in bug 34918. Bug 34918 is mainly for mock, but we can use the same key.
Before: $ rpm -q gpg-pubkey-80420f66-4d4fe123 --queryformat='%{DESCRIPTION}\n' | gpg2 --show-key pub rsa4096 2011-02-07 [SCEA] [expires: 2025-12-31] 00EDB89585B012A8916F0DF8B742FA8B80420F66 uid Mageia Packages <packages@mageia.org> After upgrading to mageia-release-9-2.1.mga9 and reboot: $ rpm -q gpg-pubkey-80420f66-4d4fe123 --queryformat='%{DESCRIPTION}\n' | gpg2 --show-key pub rsa4096 2011-02-07 [SCEA] [expires: 2029-12-31] 00EDB89585B012A8916F0DF8B742FA8B80420F66 uid Mageia Packages <packages@mageia.org>
Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNEDCC: (none) => bruno
I have also updated pubkey in mga9 repositories to use same pubkey as in cauldron. New key has started to spread over mirrors. $ curl --silent https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/media_info/pubkey | gpg2 --show-key pub rsa4096 2011-02-07 [SCEA] [expires: 2029-12-31] 00EDB89585B012A8916F0DF8B742FA8B80420F66 uid Mageia Packages <packages@mageia.org>
SRPMS: mageia-release-9-2.1.mga9 RPMS: mageia-release-Default-9-2.1.mga9 mageia-release-common-9-2.1.mga9
No installation issues. Results of the commands in comment 2 are the same on my machine.
CC: (none) => andrewsfarm
Updated packages in bug#3918 installing mageia-repos-9-4.1.mga9.x86_64.rpm mageia-repos-pkgprefs-9-4.1.mga9.noarch.rpm mageia-repos-keys-9-4.1.mga9.noarch.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################### 1/3: mageia-repos-keys ################################################################################################### 2/3: mageia-repos-pkgprefs ################################################################################################### 3/3: mageia-repos ################################################################################################### 1/3: removing mageia-repos-9-4.mga9.x86_64 ################################################################################################### 2/3: removing mageia-repos-keys-9-4.mga9.noarch ################################################################################################### 3/3: removing mageia-repos-pkgprefs-9-4.mga9.noarch ################################################################################################### writing /var/lib/rpm/installed-through-deps.list Install packages in this bug installing mageia-release-common-9-2.1.mga9.x86_64.rpm mageia-release-Default-9-2.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################### 1/2: mageia-release-common ################################################################################################### 2/2: mageia-release-Default ################################################################################################### 1/2: removing mageia-release-Default-9-2.mga9.x86_64 ################################################################################################### 2/2: removing mageia-release-common-9-2.mga9.x86_64 ################################################################################################### Created symlink /etc/systemd/system/basic.target.wants/rpmdb-updatekey.service -> /usr/lib/systemd/system/rpmdb-updatekey.service. Reboot rpm -q gpg-pubkey-80420f66-4d4fe123 --queryformat='%{DESCRIPTION}\n' | gpg2 --show-key pub rsa4096 2011-02-07 [SCEA] [caduca: 2029-12-31] 00EDB89585B012A8916F0DF8B742FA8B80420F66 uid Mageia Packages <packages@mageia.org>
(In reply to katnatek from comment #6) > Updated packages in bug#3918 I mean bug#34918
- after updating per bug 34918 mga9 x86_64 updated both packages cleanly; Used rpmdrake and selected the packages manually. journalctl shows the symlink creation like in comment 6 Like Comment 2, I get exact same result before and after update of mageia-release.
CC: (none) => fri
Just to be extra sure I install some testing packages installing lib64sqlite3_0-3.40.1-1.4.mga9.x86_64.rpm sqlite3-tools-3.40.1-1.4.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################### 1/2: lib64sqlite3_0 ################################################################################################### 2/2: sqlite3-tools ################################################################################################### 1/3: removing sqlite3-tools-3.40.1-1.3.mga9.x86_64 ################################################################################################### 2/3: removing lib64sqlite3_0-3.40.1-1.3.mga9.x86_64 ################################################################################################### 3/3: removing lib64sqlite3_0-3.40.1-1.mga9.x86_64 ################################################################################################### Then downgrade LC_ALL=C urpmi --update --downgrade lib64sqlite3_0 sqlite3-toolsThe following packages have to be removed for others to be upgraded: lib64sqlite3_0-3.40.1-1.4.mga9.x86_64 (in order to install lib64sqlite3_0-3.40.1-1.3.mga9.x86_64) sqlite3-tools-3.40.1-1.4.mga9.x86_64 (in order to install sqlite3-tools-3.40.1-1.3.mga9.x86_64) (y/N) y https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/sqlite3-tools-3.40.1-1.3.mga9.x86_64.rpm installing lib64sqlite3_0-3.40.1-1.3.mga9.x86_64.rpm sqlite3-tools-3.40.1-1.3.mga9.x86_64.rpm from /var/cache/urpmi/rpms Preparing... ################################################################################################### 1/2: lib64sqlite3_0 ################################################################################################### 2/2: sqlite3-tools ################################################################################################### 1/2: removing sqlite3-tools-3.40.1-1.4.mga9.x86_64 ################################################################################################### 2/2: removing lib64sqlite3_0-3.40.1-1.4.mga9.x86_64 ################################################################################################### Looks good to me
Whiteboard: (none) => MGA9-64-OK
I have installed these update packages but am not certain how to test. I have run the rpmdb-updatekey.service but it shows an error (see bellow). I think a "-" prefix should be added to ExecStartPre= to prevent the service from failing when the package to be removed does not exist. See "Table 2. Special executable prefixes" in https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html System: Mageia 9, x86_64, AMD Ryzen 5 5600G with Radeon Graphics $ rpm -qa | grep mageia-release- mageia-release-common-9-2.1.mga9 mageia-release-Default-9-2.1.mga9 $ rpm -qa | grep gpg-pubkey | sort gpg-pubkey-0c1289c0-58c6ad7d gpg-pubkey-1c130082-4b77ec74 gpg-pubkey-3a79bd29-61b8bab7 gpg-pubkey-7fac5991-4615767f gpg-pubkey-80420f66-5d0d4576 gpg-pubkey-d38b4796-570c8cd3 gpg-pubkey-df7587c3-576a5c23 $ systemctl start rpmdb-updatekey Job for rpmdb-updatekey.service failed because the control process exited with error code. See "systemctl status rpmdb-updatekey.service" and "journalctl -xeu rpmdb-updatekey.service" for details. $ LANGUAGE=C systemctl status rpmdb-updatekey × rpmdb-updatekey.service - Update Mageia RPM signing key Loaded: loaded (/usr/lib/systemd/system/rpmdb-updatekey.service; enabled; preset: enabled) Active: failed (Result: exit-code) since Mon 2025-12-29 18:11:37 WET; 16s ago Process: 33192 ExecStartPre=/usr/bin/rpm -e --nodeps gpg-pubkey-80420f66-4d4fe123 (code=exited, status=1/FAILURE) CPU: 10ms dez 29 18:11:37 jupiter systemd[1]: Starting rpmdb-updatekey.service... dez 29 18:11:37 jupiter rpm[33192]: erro: o pacote gpg-pubkey-80420f66-4d4fe123 não está instalado dez 29 18:11:37 jupiter systemd[1]: rpmdb-updatekey.service: Control process exited, code=exited, status=1/FAILURE dez 29 18:11:37 jupiter systemd[1]: rpmdb-updatekey.service: Failed with result 'exit-code'. dez 29 18:11:37 jupiter systemd[1]: Failed to start rpmdb-updatekey.service.
CC: (none) => mageiaWhiteboard: MGA9-64-OK => (none)
Oops, I removed the MGA9-64-OK by accident.
Keywords: (none) => advisory
(In reply to PC LX from comment #10) > I have installed these update packages but am not certain how to test. > I have run the rpmdb-updatekey.service but it shows an error (see bellow). > > I think a "-" prefix should be added to ExecStartPre= to prevent the service > from failing when the package to be removed does not exist. > See "Table 2. Special executable prefixes" in > https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html > Sure, it can be added, but I'm wondering how it's possible to not have our pkg signing key installed? What's the output of $ rpm -q gpg-pubkey-80420f66-5d0d4576 --queryformat='%{DESCRIPTION}\n' | gpg2 --show-key
On my i586 hardware, after updating the packages and rebooting, the command in comment 2 responds with "gpg: no valid OpenPGP data found." Did I miss a step? Also, if simply updating these packages and rebooting was supposed to be enough to allow update installs from the 10alpha1 CI, it didn't work on an x86_64 Plasma install. I still get the error when attempting to add supplementary media from bug 34909. Maybe I need to wait longer...
After reboot here: $ systemctl status rpmdb-updatekey.service ○ rpmdb-updatekey.service - Update Mageia RPM signing key Loaded: loaded (/usr/lib/systemd/system/rpmdb-updatekey.service; enabled; preset: enabled) Active: inactive (dead) since Mon 2025-12-29 22:01:09 CET; 18min ago Process: 1214 ExecStartPre=/usr/bin/rpm -e --nodeps gpg-pubkey-80420f66-4d4fe123 (code=exited, status=0/SUCCESS) Process: 1513 ExecStart=/usr/bin/rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Mageia (code=exited, status=0/SUCCESS) Process: 1514 ExecStartPost=rm -f /var/lib/rpm/.updatekey (code=exited, status=0/SUCCESS) Main PID: 1513 (code=exited, status=0/SUCCESS) CPU: 1.639s dec 29 22:01:07 svarten.tribun systemd[1]: Starting rpmdb-updatekey.service... dec 29 22:01:07 svarten.tribun [RPM][1214]: Transaction ID 6952ec13 started dec 29 22:01:08 svarten.tribun [RPM][1214]: erase gpg-pubkey-80420f66-4d4fe123: success dec 29 22:01:09 svarten.tribun [RPM][1214]: erase gpg-pubkey-80420f66-4d4fe123: success dec 29 22:01:09 svarten.tribun [RPM][1214]: Transaction ID 6952ec13 finished: 0 dec 29 22:01:09 svarten.tribun systemd[1]: rpmdb-updatekey.service: Deactivated successfully. dec 29 22:01:09 svarten.tribun systemd[1]: Finished rpmdb-updatekey.service. dec 29 22:01:09 svarten.tribun systemd[1]: rpmdb-updatekey.service: Consumed 1.639s CPU time. $ rpm -q gpg-pubkey-80420f66-4d4fe123 --queryformat='%{DESCRIPTION}\n' | LC_ALL=C gpg2 --show-key pub rsa4096 2011-02-07 [SCEA] [expires: 2029-12-31] 00EDB89585B012A8916F0DF8B742FA8B80420F66 uid Mageia Packages <packages@mageia.org> $ rpm -q gpg-pubkey-80420f66-5d0d4576 --queryformat='%{DESCRIPTION}\n' | LC_ALL=C gpg2 --show-key gpg: no valid OpenPGP data found.
Morgan & Thomas did you update first the packages in bug#34918 (In reply to Thomas Andrews from comment #13) > Also, if simply updating these packages and rebooting was supposed to be > enough to allow update installs from the 10alpha1 CI, it didn't work on an > x86_64 Plasma install. I still get the error when attempting to add > supplementary media from bug 34909. Maybe I need to wait longer... Need to check I suspect that also require packages in bug#34914
In VM after update in one step this and bug#34918 LC_ALL=C rpm -q gpg-pubkey-80420f66-4d4fe123 --queryformat='%{DESCRIPTION}\n' | gpg2 --show-key pub rsa4096 2011-02-07 [SCEA] [caduca: 2029-12-31] 00EDB89585B012A8916F0DF8B742FA8B80420F66 uid Mageia Packages <packages@mageia.org> Will try an upgrade
(In reply to katnatek from comment #15) > Morgan & Thomas did you update first the packages in bug#34918 > Yes. I updated and reported on those before updating the packages in this bug.
(In reply to Thomas Andrews from comment #17) > (In reply to katnatek from comment #15) > > Morgan & Thomas did you update first the packages in bug#34918 > > > Yes. I updated and reported on those before updating the packages in this > bug. Same for me.
Created attachment 15268 [details] Fail in the update (In reply to katnatek from comment #16) > In VM after update in one step this and bug#34918 > > LC_ALL=C rpm -q gpg-pubkey-80420f66-4d4fe123 > --queryformat='%{DESCRIPTION}\n' | gpg2 --show-key > pub rsa4096 2011-02-07 [SCEA] [caduca: 2029-12-31] > 00EDB89585B012A8916F0DF8B742FA8B80420F66 > uid Mageia Packages <packages@mageia.org> > > Will try an upgrade Adding online repositories reach one point where fail due signatures , other than that the process goes far beyond previous test
I'm seeing this on my i586 real hardware: rpmdb-updatekey.service - Update Mageia RPM signing key Loaded: loaded (/usr/lib/systemd/system/rpmdb-updatekey.service; enabled; preset: enabled) Active: failed (Result: exit-code) since Mon 2025-12-29 18:25:46 EST; 7min ago Process: 660 ExecStartPre=/usr/bin/rpm -e --nodeps gpg-pubkey-80420f66-4d4fe123 (code=exited, status=1/FAILURE) CPU: 53ms Dec 29 18:25:46 localhost.localdomain systemd[1]: Starting rpmdb-updatekey.service... Dec 29 18:25:46 localhost.localdomain rpm[660]: error: package gpg-pubkey-80420f66-4d4fe123 is not installed Dec 29 18:25:46 localhost.localdomain systemd[1]: rpmdb-updatekey.service: Control process exited, code=exited, status=1/FA> Dec 29 18:25:46 localhost.localdomain systemd[1]: rpmdb-updatekey.service: Failed with result 'exit-code'. Dec 29 18:25:46 localhost.localdomain systemd[1]: Failed to start rpmdb-updatekey.service. ~ Notice it failed because the gpg-pubkeypackage it was looking for wasn't installed. And yet: [tom@localhost ~]$ rpm -qa mageia-repos-keys mageia-repos-keys-9-4.1.mga9 [tom@localhost ~]$ gpg2 --show-key /etc/pki/rpm-gpg/RPM-GPG-KEY-Mageia pub rsa4096 2011-02-07 [SCEA] [expires: 2029-12-31] 00EDB89585B012A8916F0DF8B742FA8B80420F66 uid Mageia Packages <packages@mageia.org> And: $ rpm -q gpg-pubkey-80420f66-5d0d4576 --queryformat='%{DESCRIPTION}\n' | gpg2 --show-key pub rsa4096 2011-02-07 [SCEA] [expires: 2025-12-31] 00EDB89585B012A8916F0DF8B742FA8B80420F66 uid Mageia Packages <packages@mageia.org>
CC: (none) => stephengermany
RH i586 installing /var/cache/urpmi/rpms/ldetect-lst-0.6.63-1.mga9.i586.rpm //home/katnatek/qa-testing/i586/mageia-repos-keys-9-4.1.mga9.noarch.rpm //home/katnatek/qa-testing/i586/mageia-repos-9-4.1.mga9.i586.rpm //home/katnatek/qa-testing/i586/mageia-release-common-9-2.1.mga9.i586.rpm //home/katnatek/qa-testing/i586/mageia-release-Default-9-2.1.mga9.i586.rpm /var/cache/urpmi/rpms/less-678-1.2.mga9.i586.rpm //home/katnatek/qa-testing/i586/mageia-repos-pkgprefs-9-4.1.mga9.noarch.rpm Preparing... ####################################################################################### 1/7: mageia-repos-pkgprefs ####################################################################################### 2/7: mageia-repos-keys ####################################################################################### 3/7: mageia-release-Default ####################################################################################### 4/7: mageia-repos ####################################################################################### 5/7: mageia-release-common ####################################################################################### 6/7: ldetect-lst ####################################################################################### 7/7: less ####################################################################################### 1/7: removing mageia-release-common-9-2.mga9.i586 ####################################################################################### Created symlink /etc/systemd/system/basic.target.wants/rpmdb-updatekey.service -> /usr/lib/systemd/system/rpmdb-updatekey.service. 2/7: removing mageia-repos-9-4.mga9.i586 ####################################################################################### 3/7: removing mageia-release-Default-9-2.mga9.i586 ####################################################################################### 4/7: removing mageia-repos-keys-9-4.mga9.noarch ####################################################################################### 5/7: removing mageia-repos-pkgprefs-9-4.mga9.noarch ####################################################################################### 6/7: removing less-678-1.1.mga9.i586 ####################################################################################### 7/7: removing ldetect-lst-0.6.61-1.mga9.i586 ####################################################################################### reboot I see the same that Thomas systemctl status rpmdb-updatekey.service × rpmdb-updatekey.service - Update Mageia RPM signing key Loaded: loaded (/usr/lib/systemd/system/rpmdb-updatekey.service; enabled; preset: enabled) Active: failed (Result: exit-code) since Mon 2025-12-29 18:31:17 CST; 6min ago CPU: 71ms dic 29 18:31:12 cefiro systemd[1]: Starting rpmdb-updatekey.service... dic 29 18:31:17 cefiro rpm[729]: error: el paquete gpg-pubkey-80420f66-4d4fe123 no está instalado dic 29 18:31:17 cefiro systemd[1]: rpmdb-updatekey.service: Control process exited, code=exited, status=1/FAILURE dic 29 18:31:17 cefiro systemd[1]: rpmdb-updatekey.service: Failed with result 'exit-code'. dic 29 18:31:17 cefiro systemd[1]: Failed to start rpmdb-updatekey.service. journalctl -xe --no-hostname |grep rpm dic 29 18:31:12 systemd[1]: Starting rpmdb-updatekey.service... ░░ Subject: A start job for unit rpmdb-updatekey.service has begun execution ░░ A start job for unit rpmdb-updatekey.service has begun execution. dic 29 18:31:17 rpm[729]: error: el paquete gpg-pubkey-80420f66-4d4fe123 no está instalado dic 29 18:31:17 systemd[1]: rpmdb-updatekey.service: Control process exited, code=exited, status=1/FAILURE ░░ An ExecStartPre= process belonging to unit rpmdb-updatekey.service has exited. dic 29 18:31:17 systemd[1]: rpmdb-updatekey.service: Failed with result 'exit-code'. ░░ The unit rpmdb-updatekey.service has entered the 'failed' state with result 'exit-code'. dic 29 18:31:17 systemd[1]: Failed to start rpmdb-updatekey.service. ░░ Subject: A start job for unit rpmdb-updatekey.service has failed ░░ A start job for unit rpmdb-updatekey.service has finished with a failure. Look that for i586 the gpg packages is gpg-pubkey-80420f66-5d0d4576
(In reply to Jani Välimaa from comment #12) > (In reply to PC LX from comment #10) > > I have installed these update packages but am not certain how to test. > > I have run the rpmdb-updatekey.service but it shows an error (see bellow). > > > > I think a "-" prefix should be added to ExecStartPre= to prevent the service > > from failing when the package to be removed does not exist. > > See "Table 2. Special executable prefixes" in > > https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html > > > > Sure, it can be added, but I'm wondering how it's possible to not have our > pkg signing key installed? Maybe the service had already been run and the package removed but I don't see it in the logs. """ $ journalctl -u rpmdb-updatekey.service dez 29 18:09:57 jupiter systemd[1]: Starting rpmdb-updatekey.service... dez 29 18:09:57 jupiter rpm[33150]: erro: o pacote gpg-pubkey-80420f66-4d4fe123 não está instalado dez 29 18:09:57 jupiter systemd[1]: rpmdb-updatekey.service: Control process exited, code=exited, status=1/FAILURE dez 29 18:09:57 jupiter systemd[1]: rpmdb-updatekey.service: Failed with result 'exit-code'. dez 29 18:09:57 jupiter systemd[1]: Failed to start rpmdb-updatekey.service. dez 29 18:11:37 jupiter systemd[1]: Starting rpmdb-updatekey.service... dez 29 18:11:37 jupiter rpm[33192]: erro: o pacote gpg-pubkey-80420f66-4d4fe123 não está instalado dez 29 18:11:37 jupiter systemd[1]: rpmdb-updatekey.service: Control process exited, code=exited, status=1/FAILURE dez 29 18:11:37 jupiter systemd[1]: rpmdb-updatekey.service: Failed with result 'exit-code'. dez 29 18:11:37 jupiter systemd[1]: Failed to start rpmdb-updatekey.service. $ journalctl --list-boots IDX BOOT ID FIRST ENTRY LAST ENTRY -6 97419236b9bc46cf9d42a37375ef72dd Tue 2025-12-23 09:28:41 WET Wed 2025-12-24 01:37:33 WET -5 bf0a2059ab02461191c839ff6d2950a4 Wed 2025-12-24 11:28:34 WET Wed 2025-12-24 16:47:27 WET -4 cf46218f91f643ae99a52463b787009f Thu 2025-12-25 18:55:01 WET Fri 2025-12-26 01:38:48 WET -3 cda4cc84365d4a5c9e024db933cbb4e8 Fri 2025-12-26 10:29:00 WET Sat 2025-12-27 02:16:49 WET -2 dbc1fec7d90f47f69be4d50e2d50314e Sat 2025-12-27 10:04:52 WET Sun 2025-12-28 02:29:18 WET -1 dc2eac18fdcd4d6c9ea09bc6b6c73ce7 Sun 2025-12-28 12:00:01 WET Mon 2025-12-29 01:59:40 WET 0 e8452da01e474ab29c66bdcddc9c88db Mon 2025-12-29 11:25:08 WET Tue 2025-12-30 00:53:21 WET """ > What's the output of > $ rpm -q gpg-pubkey-80420f66-5d0d4576 --queryformat='%{DESCRIPTION}\n' | > gpg2 --show-key """ $ rpm -q gpg-pubkey-80420f66-5d0d4576 --queryformat='%{DESCRIPTION}\n' | gpg2 --show-key gpg: cabeçalho de armadura: Version: rpm-4.16.1.2 (NSS-3) pub rsa4096 2011-02-07 [SCEA] [expires: 2025-12-31] 00EDB89585B012A8916F0DF8B742FA8B80420F66 uid Mageia Packages <packages@mageia.org> """
Also there is no mention of the package being uninstalled. """ $ journalctl | grep gpg-pubkey-80420f66-4d4fe123 dez 29 18:09:57 jupiter rpm[33150]: erro: o pacote gpg-pubkey-80420f66-4d4fe123 não está instalado dez 29 18:11:37 jupiter rpm[33192]: erro: o pacote gpg-pubkey-80420f66-4d4fe123 não está instalado """
(In reply to PC LX from comment #23) > Also there is no mention of the package being uninstalled. > > """ > $ journalctl | grep gpg-pubkey-80420f66-4d4fe123 > dez 29 18:09:57 jupiter rpm[33150]: erro: o pacote > gpg-pubkey-80420f66-4d4fe123 não está instalado > dez 29 18:11:37 jupiter rpm[33192]: erro: o pacote > gpg-pubkey-80420f66-4d4fe123 não está instalado > """ the problem is ttry to remove wrong key for i586 rpm -e gpg-pubkey-80420f66-4d4fe123 Should be rpm -e gpg-pubkey-80420f66-5d0d4576
RPMS: mageia-release-Default-9-2.2.mga9 mageia-release-common-9-2.2.mga9 SRPM:mageia-release-9-2.2.mga9 For 64b users that test the previous round you will see after reboot systemctl status rpmdb-updatekey.service ○ rpmdb-updatekey.service - Update Mageia RPM signing key Loaded: loaded (/usr/lib/systemd/system/rpmdb-updatekey.service; enabled; preset: enabled) Active: inactive (dead) Condition: start condition failed at Mon 2025-12-29 20:45:29 CST; 1min 36s ago └─ ConditionPathExists=/var/lib/rpm/.updatekey was not met dic 29 20:45:29 jgrey.phoenix systemd[1]: rpmdb-updatekey.service was skipped because of an unmet condition check (ConditionPathExist> It worried me if this works in armv7hl or aarch64, but we not have way to test
RH i586 after update & reboot systemctl status rpmdb-updatekey.service ○ rpmdb-updatekey.service - Update Mageia RPM signing key Loaded: loaded (/usr/lib/systemd/system/rpmdb-updatekey.service; enabled; preset: enabled) Active: inactive (dead) since Mon 2025-12-29 21:40:16 CST; 2min 23s ago Process: 731 ExecStartPre=/usr/bin/rpm -e --nodeps gpg-pubkey-80420f66-5d0d4576 (code=exited, status=0/SUCCESS) Process: 835 ExecStart=/usr/bin/rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Mageia (code=exited, status=0/SUCCESS) Process: 846 ExecStartPost=rm -f /var/lib/rpm/.updatekey (code=exited, status=0/SUCCESS) Main PID: 835 (code=exited, status=0/SUCCESS) CPU: 3.391s dic 29 21:40:00 cefiro systemd[1]: Starting rpmdb-updatekey.service... dic 29 21:40:06 cefiro [RPM][731]: Transaction ID 69534996 started dic 29 21:40:10 cefiro [RPM][731]: erase gpg-pubkey-80420f66-5d0d4576: success dic 29 21:40:14 cefiro [RPM][731]: erase gpg-pubkey-80420f66-5d0d4576: success dic 29 21:40:16 cefiro [RPM][731]: Transaction ID 69534996 finished: 0 dic 29 21:40:16 cefiro systemd[1]: rpmdb-updatekey.service: Deactivated successfully. dic 29 21:40:16 cefiro systemd[1]: Finished rpmdb-updatekey.service. dic 29 21:40:16 cefiro systemd[1]: rpmdb-updatekey.service: Consumed 3.391s CPU time. rpm -q gpg-pubkey-80420f66-4d4fe123 --queryformat='%{DESCRIPTION}\n' | gpg2 --show-key pub rsa4096 2011-02-07 [SCEA] [caduca: 2029-12-31] 00EDB89585B012A8916F0DF8B742FA8B80420F66 uid Mageia Packages <packages@mageia.org> not have idea why the original key have diferent name on i586 systems Looks OK
Can someone with real 32 bit machine to output the following before the update test? $ rpm -qi gpg-pubkey-80420f66-5d0d4576
mageia-release-9-2.3.mga9 from core/updates_testing should handle removing the key despite the architecture or key being used.
(In reply to Jani Välimaa from comment #27) > Can someone with real 32 bit machine to output the following before the > update test? > > $ rpm -qi gpg-pubkey-80420f66-5d0d4576 On my Thinkpad T43: $ rpm -qi gpg-pubkey-80420f66-5d0d4576 Name : gpg-pubkey Version : 80420f66 Release : 5d0d4576 Architecture: (none) Install Date: mån 23 jan 2023 23:53:45 Group : Public Keys Size : 0 License : pubkey Signature : (none) Source RPM : (none) Build Date : fre 21 jun 2019 23:00:38 Build Host : localhost Packager : Mageia Packages <packages@mageia.org> Summary : Mageia Packages <packages@mageia.org> public key Description : -----BEGIN PGP PUBLIC KEY BLOCK----- Version: rpm-4.16.1.2 (NSS-3) mQINBE1P4SMBEADaT0GrCfaMWjVAdpMCbArG7pIq1F1oWEp1HToSZ5Hbl+gK4WzQ t8oJqwIyU7VY4rBeFJ80R6IdzT5yS+IwIbHCuGctABnK+iSLshNQzx5RaV+kYMWZ tCnHUQVZzAW2I7pJdeqD9I8TN+Wu223TYyVMMKis+7SPHJjtJzJ8vonIk6Fr0byz qcEhwy7TOSrOS5HCumO/k20rp9mtd1clANjA8NjebNqem28WoLlrHgathKaeh0s+ sq3oClG2ZsbVVbt6yyf46LS1iTboDikeGHY+ujNb+cdqgx46Zb8r3BF/C5UiC8Gd c1Dv0kfCP29lTQOwWIJhODn3ylNxcHWGh5yreTak/U2cTQzwHMdtOw7/3TFTDEF+ qedey+Ipo2FcFhqx+t8gC6DVIfkG4xqwkA+0Q9CWGpHQdHktV1vmYr4pxUnLOMJR gKzXNjop20uSHVAH1CyRo3Hx+jKVbGH0vUIfuDTLtDt8mygzPOyUOzhfPTh9zs7t 19ynBd+lE5AFKbCnlIrX0F11cMnAYppxYE8nYtxPOqkGnA/rLpzlfztxTaqLAe7H dmurWTs2NjTgCr1nry3+7id1ruY7Ysr76QaXGxR251ycmxZiPUoMFebtfdPdsw04 cXpZDKazZhdje2FQL1SDmJaTrF3EDQG6u/MrWiAAMnkEW8UZM/m5fr/gpQARAQAB tCVNYWdlaWEgUGFja2FnZXMgPHBhY2thZ2VzQG1hZ2VpYS5vcmc+iQI+BBMBAgAo AhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCXQ1FdgUJHAWtVQAKCRC3QvqL gEIPZsoOEADHJIrCusf6PDwEXPiGdYe7TT1JB/mz79QtlbOVmsYBze1ughTzASK2 rIlUGXfylXcuOTv6uN4VKqcsuENrWIZiGGiZ57GfNi9+xiMJgfYkqd8qh/eWGoit kAaauocf6meWxsXSA/99c2LIFWHIjBOL/c/FJIaDF64kl0tdPHYaIjfTZgRarkoP GbjAL0rvv4MXky2B6E0ErBaJ+ECGpRc2j2aa5eeNeQvFH67xtQn+t52oLzH65oBC m4/ifiMNFAYDFseMXErL/6QkrxPaBMB+xqIueoJO1wFP+sIO17h+G6+Gk8K1kwXp mdKtor7h5xiFGbcV5pmSVXUk/prSEOvI0m5zPZvdrotm6n6jv4qgjeun0ZizOvbS jI3gzAR1Umi0d/8CfNFYySU65oVsyodbAEZB5o2EGAk97vjyKpDV1KQwswpEuKSM bB8X0sOLZUAbzwjvWW3YCyZgxtkLxA9fdEX7UAjHDXwQBz+VvSS41ge7ANvCFNZY HAqDNGh5Of3Es+kckktXrOzbxTS+4NFo7L+Br9mAuoG1j3xuiyHNvRRN7aOX3VPj DAsH3mOfd5NQ3V+o41pc3Jh+z0Cj+pys2egyf8CKeWCUMGpU4K3nn+YkaKpjQLEz ulp/rVaKtwGSnnG5wrS2uZHYosQfDCNhMjx8gLzfvgQVSf8EZltxag== =q/Ch -----END PGP PUBLIC KEY BLOCK----- I will keep this non-updated until we want to test next version
Hmmm. Looks like the key is from mga8 era. I'll install mga8 later, but just out of curiosity. Anyhow, mageia-release-9-2.3.mga9 should work OK.
On the 2 i686 systems I still have (performing Firewalling), the package you request is not available: [root@xx ~]# rpm -qi gpg-pubkey-80420f66-5d0d4576 package gpg-pubkey-80420f66-5d0d4576 is not installed [root@xx ~]# rpm -qi gpg-pubkey-80420f66-4d4fe123 Name : gpg-pubkey Version : 80420f66 Release : 4d4fe123 Architecture: (none) Install Date: Thu Jan 3 05:04:40 2013 Group : Public Keys Size : 0 License : pubkey Signature : (none) Source RPM : (none) Build Date : Thu Jan 3 05:04:40 2013 Build Host : localhost Summary : gpg(Mageia Packages <packages@mageia.org>) Description : -----BEGIN PGP PUBLIC KEY BLOCK----- Version: rpm-4.9.1.3 (NSS-3) mQINBE1P4SMBEADaT0GrCfaMWjVAdpMCbArG7pIq1F1oWEp1HToSZ5Hbl+gK4WzQ t8oJqwIyU7VY4rBeFJ80R6IdzT5yS+IwIbHCuGctABnK+iSLshNQzx5RaV+kYMWZ tCnHUQVZzAW2I7pJdeqD9I8TN+Wu223TYyVMMKis+7SPHJjtJzJ8vonIk6Fr0byz qcEhwy7TOSrOS5HCumO/k20rp9mtd1clANjA8NjebNqem28WoLlrHgathKaeh0s+ sq3oClG2ZsbVVbt6yyf46LS1iTboDikeGHY+ujNb+cdqgx46Zb8r3BF/C5UiC8Gd c1Dv0kfCP29lTQOwWIJhODn3ylNxcHWGh5yreTak/U2cTQzwHMdtOw7/3TFTDEF+ qedey+Ipo2FcFhqx+t8gC6DVIfkG4xqwkA+0Q9CWGpHQdHktV1vmYr4pxUnLOMJR gKzXNjop20uSHVAH1CyRo3Hx+jKVbGH0vUIfuDTLtDt8mygzPOyUOzhfPTh9zs7t 19ynBd+lE5AFKbCnlIrX0F11cMnAYppxYE8nYtxPOqkGnA/rLpzlfztxTaqLAe7H dmurWTs2NjTgCr1nry3+7id1ruY7Ysr76QaXGxR251ycmxZiPUoMFebtfdPdsw04 cXpZDKazZhdje2FQL1SDmJaTrF3EDQG6u/MrWiAAMnkEW8UZM/m5fr/gpQARAQAB tCVNYWdlaWEgUGFja2FnZXMgPHBhY2thZ2VzQG1hZ2VpYS5vcmc+iQI+BBMBAgAo BQJNT+EjAhsvBQkCD1gABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRC3QvqL gEIPZk/2D/wKGR5bhjH0cEDF9R9/Jf30Xs5s50LT+52hHYoGIENbehhp2YKE7+K2 J10NLT8XGPrcyhUdu90vXJi4MRD076EnlqQLBVLsEA2yndMQFlEdRfzsQdI+HbR/ CMLWo5YM+TIZUVMauV1MU15GBN9hyiQc2UQen+zMp96KAnOmNbbQ+71g7XBBOOUd P5bDgBLmLlkMAFwVk9tnU93cewOs0qB22ZdL7dTPl/1eXdSUHmatYXBN49ir0pMm FhBlZefjVYQ36l9KN8Y51WnB0ErZwd8sDZI4SjSMtDa1JYTHmXGebNt7M8NAB+RL fMw7741R8ZixhHYdQZJZ7J2nuZcFnWj65N6fR1coz35KXk+J7+raPYPRhcDBQfw2 zjarXf3+9MT5Zac02UKr5tkEECUeCmBmCGh+wqZSmxdKKbt3NaxlCZn6HZBXOvm+ MsT5vP3g9c+34yZV3Eb+bE/7+uTZcDQsoxmh3st340NAOBddcEsJTDt4NSBCJPYn 8XWo3NUjcL6ocQFYYUMB088kMjsyXTB03d/LG/CHrFfNHdNhQSFFOU3sLPM/X2ES /2ojnJ34ClB2d1wFXOKDSlsEqCioB5G7ET6aJ+AFTYt9Od+bJIjqDVmH7Kxi7jS5 RafapRno7kAqlczO0WN9VgspS5nib2X/Hq7KWQYYLqyy2WIDRRpbOg== =5bqr -----END PGP PUBLIC KEY BLOCK----- These systems have been deployed initialy using mageia 2 and then updated with urpmi at each new version.
On Foolishness, my Dell Inspiron 5100, after latest update and reboot: # systemctl status rpmdb-updatekey.service ○ rpmdb-updatekey.service - Update Mageia RPM signing key Loaded: loaded (/usr/lib/systemd/system/rpmdb-updatekey.service; enabled; preset: enabled) Active: inactive (dead) since Tue 2025-12-30 09:07:49 EST; 6min ago Process: 657 ExecStartPre=/usr/bin/rpm -e --nodeps gpg-pubkey-80420f66-4d4fe123 (code=exited, status=1/FAILURE) Process: 658 ExecStartPre=/usr/bin/rpm -e --nodeps gpg-pubkey-80420f66-5d0d4576 (code=exited, status=0/SUCCESS) Process: 687 ExecStart=/usr/bin/rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Mageia (code=exited, status=0/SUCCESS) Process: 688 ExecStartPost=rm -f /var/lib/rpm/.updatekey (code=exited, status=0/SUCCESS) Main PID: 687 (code=exited, status=0/SUCCESS) CPU: 2.169s Dec 30 09:07:45 localhost.localdomain systemd[1]: Starting rpmdb-updatekey.service... Dec 30 09:07:46 localhost.localdomain rpm[657]: error: package gpg-pubkey-80420f66-4d4fe123 is not installed Dec 30 09:07:46 localhost.localdomain [RPM][658]: Transaction ID 6953dcb2 started Dec 30 09:07:48 localhost.localdomain [RPM][658]: erase gpg-pubkey-80420f66-5d0d4576: success Dec 30 09:07:48 localhost.localdomain [RPM][658]: erase gpg-pubkey-80420f66-5d0d4576: success Dec 30 09:07:49 localhost.localdomain [RPM][658]: Transaction ID 6953dcb2 finished: 0 Dec 30 09:07:49 localhost.localdomain systemd[1]: rpmdb-updatekey.service: Deactivated successfully. Dec 30 09:07:49 localhost.localdomain systemd[1]: Finished rpmdb-updatekey.service. Dec 30 09:07:49 localhost.localdomain systemd[1]: rpmdb-updatekey.service: Consumed 2.169s CPU time. $ rpm -q gpg-pubkey-80420f66-4d4fe123 --queryformat='%{DESCRIPTION}\n' | gpg2 --show-key pub rsa4096 2011-02-07 [SCEA] [expires: 2029-12-31] 00EDB89585B012A8916F0DF8B742FA8B80420F66 uid Mageia Packages <packages@mageia.org> Looks like it worked this time. Now to do a new 64-bit test...
To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "QA Testing (64-bit)") mageia-release-Default 9 2.3.mga9 x86_64 mageia-release-common 9 2.3.mga9 x86_64 769B of additional disk space will be used. 55KB of packages will be retrieved. Proceed with the installation of the 2 packages? (Y/n) installing mageia-release-common-9-2.3.mga9.x86_64.rpm mageia-release-Default-9-2.3.mga9.x86_64.rpm from //home/tom/qa-testing/x86_64 Preparing... ################################################### 1/2: mageia-release-common ################################################### 2/2: mageia-release-Default ################################################### 1/2: removing mageia-release-Default-9-2.mga9.x86_64 ################################################### 2/2: removing mageia-release-common-9-2.mga9.x86_64 ################################################### Created symlink /etc/systemd/system/basic.target.wants/rpmdb-updatekey.service → /usr/lib/systemd/system/rpmdb-updatekey.service. After the reboot: # systemctl status rpmdb-updatekey.service ○ rpmdb-updatekey.service - Update Mageia RPM signing key Loaded: loaded (/usr/lib/systemd/system/rpmdb-updatekey.service; enabled; preset: enabled) Active: inactive (dead) since Tue 2025-12-30 12:52:08 EST; 2h 56min left Process: 781 ExecStartPre=/usr/bin/rpm -e --nodeps gpg-pubkey-80420f66-4d4fe123 (code=exited, status=0/SUCCESS) Process: 814 ExecStartPre=/usr/bin/rpm -e --nodeps gpg-pubkey-80420f66-5d0d4576 (code=exited, status=1/FAILURE) Process: 815 ExecStart=/usr/bin/rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Mageia (code=exited, status=0/SUCCESS) Process: 816 ExecStartPost=rm -f /var/lib/rpm/.updatekey (code=exited, status=0/SUCCESS) Main PID: 815 (code=exited, status=0/SUCCESS) CPU: 1.601s Dec 30 12:52:05 localhost.localdomain systemd[1]: Starting rpmdb-updatekey.service... Dec 30 12:52:05 localhost.localdomain [RPM][781]: Transaction ID 69541145 started Dec 30 12:52:07 localhost.localdomain [RPM][781]: erase gpg-pubkey-80420f66-4d4fe123: success Dec 30 12:52:07 localhost.localdomain [RPM][781]: erase gpg-pubkey-80420f66-4d4fe123: success Dec 30 12:52:07 localhost.localdomain [RPM][781]: Transaction ID 69541145 finished: 0 Dec 30 12:52:07 localhost.localdomain rpm[814]: error: package gpg-pubkey-80420f66-5d0d4576 is not installed Dec 30 12:52:08 localhost.localdomain systemd[1]: rpmdb-updatekey.service: Deactivated successfully. Dec 30 12:52:08 localhost.localdomain systemd[1]: Finished rpmdb-updatekey.service. Dec 30 12:52:08 localhost.localdomain systemd[1]: rpmdb-updatekey.service: Consumed 1.601s CPU time. ~ [tom@localhost ~]$ rpm -q gpg-pubkey-80420f66-4d4fe123 --queryformat='%{DESCRIPTION}\n' | gpg2 --show-key gpg: WARNING: unsafe permissions on homedir '/home/tom/.gnupg' pub rsa4096 2011-02-07 [SCEA] [expires: 2029-12-31] 00EDB89585B012A8916F0DF8B742FA8B80420F66 uid Mageia Packages <packages@mageia.org> I figured out the unsafe permissions thing. After an SSD failure many months ago, I had reconstructed much of my production home directory by copying it from this one. That left permissions for /home/tom/.gnupg set to let anybody read the contents. I just changed them so that "tom" is the only one with access, and ran the command again. [tom@localhost ~]$ rpm -q gpg-pubkey-80420f66-4d4fe123 --queryformat='%{DESCRIPTION}\n' | gpg2 --show-key pub rsa4096 2011-02-07 [SCEA] [expires: 2029-12-31] 00EDB89585B012A8916F0DF8B742FA8B80420F66 uid Mageia Packages <packages@mageia.org> As you can see, the warning is now gone.
Advisory updated
Validating.
Keywords: (none) => validated_updateWhiteboard: MGA9-64-OK => MGA9-64-OK MGA9-32-OKCC: (none) => sysadmin-bugs
Removing the validation because of bug 34918 comment 13.
Keywords: validated_update => (none)
Blocks: (none) => 34853
Better to get also this one FIXED.
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2025-0109.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
Keywords: (none) => FOR_ERRATA9, FOR_RELEASENOTES10
Keywords: FOR_ERRATA9 => IN_ERRATA9
Keywords: FOR_RELEASENOTES10 => IN_RELEASENOTES10