[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Problems getting GPG key recognised by RPM

On Wed, Jul 21, 2004 at 02:48:24PM +0200, Eric Seynaeve wrote:
> I'm trying to import a GPG key into RPM for package signature checking. 
> However, the ascii armored key doesn't seem to be recognised by RPM, although 
> the pseudo-package is created.

I had the same problem today with the public key 414A57C3 for the samba 
packages in ftp.suse.com/projects/samba/3.0/

> Also, shouldn't the name of pseudo package give an indication as to the 
> key id?  

Yes. In my case, rpm used the key ID of a signature not of the key itself.

> What am I doing wrong? I found 
> http://lists.suse.com/archive/suse-security/2004-Mar/0073.html indicating 
> that the problem might be in the signature of the key. Can anybody shed some 
> light on this? How do I limit the export of the signature (the exported file 
> is larger than other found signature files). I have tried to export the key 
> from gpg with --openpgp or --pgp2 but that doesn't seem to influence the 
> export.

You can delete signatures from a key with the "delsig" command in the "edit" 
~> gpg --no-options --no-default-keyring --keyring temp.gpg --recv-keys [id]
~> gpg --no-options --no-default-keyring --keyring temp.gpg --edit [id]
Command> uid 1
Command> delsig

Now answer "y" to all signatures execpt the self-signatures. 
Repeat this for all UIDs.

Command> save
~> gpg --no-options --no-default-keyring --keyring temp.gpg -a -o temp.asc --export [id]
~> rpm --import temp.asc

Or maybe you should ask the package maintainer to provide a public key that
works with rpm :-)

Michel Messerschmidt           lists@xxxxxxxxxxxxxxxxxxxxxxx
antiVirusTestCenter, Computer Science, University of Hamburg

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here