Can't verify package gpg signatures on Mandrake 10
I'm using 10 Community Ed (new to Linux), and am having some problems with gpg security keys and vertifying packages. I bought the Official Edition (not the boxed version, just the CDs from a company with a burning service). I tried to verify the package signitures, and that's where I hit problems.
Using 'rpm --checksig filename', none of the packages check out. I tried getting keys from one of the official mirrors and importing them, but still the same problem. I tried importing the keys from the CDs I have, and still no luck. Finally, I tried downloading a package from an official mirror, just to check if that was OK with the keys from the same mirror. Even that didn't work.
The only packages that check out are the security updates I download, for which I imported the Mandrake Security Team key.
I'd be grateful for any help with this. If it helps, here is the output from running 'rpm -qa gpg*' (should be the Security Team key and pubkeys 1 - 3 from the official mirrors; I imported some twice):
gpg-pubkey-78d019f5-3fd7504d
gpg-pubkey-78d019f5-3fd7504d
gpg-pubkey-70771ff3-3969e7de
gpg-pubkey-c431416d-3db4c821
gpg-pubkey-c431416d-3db4c821
error: rpmdbNextIterator: skipping h# 422 Header V3 DSA signature: BAD, key ID 70771ff3
gpg-pubkey-70771ff3-3969e7de
error: rpmdbNextIterator: skipping h# 804 Header V3 DSA signature: BAD, key ID 70771ff3
gpg-pubkey-22458a98-3969e7de
gpg-pubkey-70771ff3-3c8f768f
error: rpmdbNextIterator: skipping h# 850 Header V3 DSA signature: BAD, key ID 70771ff3
gpg-pubkey-70771ff3-3969e7de
PS - is there a list of MD5SUMS for the Mandrake packages somewhere?
Thanks,
Amir
|