[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [suse-security] APT & RPM signatures



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


El 2006-03-02 a las 08:38 -0000, Administrator escribió:

> > You forgot to email to the list.
> 
> Corrected.

Somehow, this one did not make to the list, unknown reason. Anyway, I'll 
email to list with private copy to you, so that others can contribute.

 
>>> Suffice to say that I have 2 sig keys missing, IDs 8750d2c4 and 
>>> 2e80fbc2.  I can't find rpmkey rpms for them.  I have found the keys 
>>> and downloaded them. They load into Kgpg on the SuSE box without 
>>> complaint.  RPM ignores them after import - key IDs not listed in 'rpm 
>>> -qa gpg-pubkey*'. Errors continue.  Can't do apt dist-upgrade without 
>>> turning off sig checking.  Bad.
>>> :-{
>>
>>
>> Suposedly, you have to import them with:
>>
>> rpm --import public-key-file.asc
>>
>> as root. I don't think Kgpg will inport them to the proper place
> 
> I tried rpm --import.  It didn't have any noticeable effect, nor did it
> produce any errors.  I don't know what to try next ...

Then, the only thing you can try is (according to the man page):

       rpm -qa gpg-pubkey*

that should list all signatures available - it seems that all of them are 
of that pattern and get listed that way, there doen't seem to be a 
specific command to list only signatures regardless of pattern. Funny.

Then, 

       rpm -qi gpg-pubkey-db42a60e

would give details about that key. With:

     rpm --checksig package.rpm

you check all digests signatures contained in package.rpm. Finally, you 
can try to remove the signature, in case it is badly imported:

       rpm -e gpg-pubkey-db42a60e

More than that, I simply do not know. I assume you have updated your 
system recently with YOU, there has been a patch correcting a "nasty" bug 
(IMHO) related to signature checking of rpms.

Broken database perhaps? Try --rebuilddb then...


- -- 
Saludos
       Carlos Robinson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFEBsqatTMYHG2NR9URArF/AJ9nMG6ISku/BiHEzFynZsZ7WlJ45gCeLD6X
+bW2+9sLIr+OWzCTO+2BltI=
=5ZNA
-----END PGP SIGNATURE-----

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here