Can't verify package gpg signatures on Mandrake 10
I'm using 10 Community Ed (new to Linux), and am having some problems with gpg security keys and vertifying packages. I bought the Official Edition (not the boxed version, just the CDs from a company with a burning service). I tried to verify the package signitures, and that's where I hit problems.
Using 'rpm --checksig filename', none of the packages check out. I tried getting keys from one of the official mirrors and importing them, but still the same problem. I tried importing the keys from the CDs I have, and still no luck. Finally, I tried downloading a package from an official mirror, just to check if that was OK with the keys from the same mirror. Even that didn't work.
The only packages that check out are the security updates I download, for which I imported the Mandrake Security Team key.
I'd be grateful for any help with this. If it helps, here is the output from running 'rpm -qa gpg*' (should be the Security Team key and pubkeys 1 - 3 from the official mirrors; I imported some twice):
error: rpmdbNextIterator: skipping h# 422 Header V3 DSA signature: BAD, key ID 70771ff3
error: rpmdbNextIterator: skipping h# 804 Header V3 DSA signature: BAD, key ID 70771ff3
error: rpmdbNextIterator: skipping h# 850 Header V3 DSA signature: BAD, key ID 70771ff3
PS - is there a list of MD5SUMS for the Mandrake packages somewhere?