[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [suse-security] APT & RPM signatures

Hash: SHA1

El 2006-03-02 a las 08:38 -0000, Administrator escribió:

> > You forgot to email to the list.
> Corrected.

Somehow, this one did not make to the list, unknown reason. Anyway, I'll 
email to list with private copy to you, so that others can contribute.

>>> Suffice to say that I have 2 sig keys missing, IDs 8750d2c4 and 
>>> 2e80fbc2.  I can't find rpmkey rpms for them.  I have found the keys 
>>> and downloaded them. They load into Kgpg on the SuSE box without 
>>> complaint.  RPM ignores them after import - key IDs not listed in 'rpm 
>>> -qa gpg-pubkey*'. Errors continue.  Can't do apt dist-upgrade without 
>>> turning off sig checking.  Bad.
>>> :-{
>> Suposedly, you have to import them with:
>> rpm --import public-key-file.asc
>> as root. I don't think Kgpg will inport them to the proper place
> I tried rpm --import.  It didn't have any noticeable effect, nor did it
> produce any errors.  I don't know what to try next ...

Then, the only thing you can try is (according to the man page):

       rpm -qa gpg-pubkey*

that should list all signatures available - it seems that all of them are 
of that pattern and get listed that way, there doen't seem to be a 
specific command to list only signatures regardless of pattern. Funny.


       rpm -qi gpg-pubkey-db42a60e

would give details about that key. With:

     rpm --checksig package.rpm

you check all digests signatures contained in package.rpm. Finally, you 
can try to remove the signature, in case it is badly imported:

       rpm -e gpg-pubkey-db42a60e

More than that, I simply do not know. I assume you have updated your 
system recently with YOU, there has been a patch correcting a "nasty" bug 
(IMHO) related to signature checking of rpms.

Broken database perhaps? Try --rebuilddb then...

- -- 
       Carlos Robinson
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76


Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here