rpm gpg verification problem
Hi,
I was trying to install a third-party program (keychain from gentoo.org/proj/en/keychain.xml). According to the instructions on the website, I tried to verify the downloaded rpm as follows:

bash-2.05b# gpg --keyserver pgp.mit.edu --recv-key 302A3876
gpg: /root/.gnupg: directory created
gpg: /root/.gnupg/options: new options file created
gpg: you have to start GnuPG again, so it can read the new options file
bash-2.05b# gpg --keyserver pgp.mit.edu --recv-key 302A3876
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: requesting key 302A3876 from HKP keyserver pgp.mit.edu
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 302A3876: public key imported
gpg: Total number processed: 1
gpg: imported: 1

rpm -K keychain-2.0.2-1.noarch.rpm
keychain-2.0.2-1.noarch.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#302a3876)

It seems that somehow the Red Hat rpm program cannot find the gpg keys created by the gpg program. Any help would be appreciated.
Something probably has gone wrong on your side. I just tried it (as non-root user) w/o probs. Two paths to check: first of all you just seem to have installed GPG, maybe check your config settings. Second, do a "rpm --checksig --no --nogpg" to verify at least the MD5sum is correct, if it isn't then you downloaded a b0rken rpm.
thanks unSpawn,
I did exactly what you suggested, but things are getting more and more strange! In the rpm man page, --nogpg (and --nopgp) are listed. However, when I do one of the following:

rpm --checksig --nogpg
> --nogpg: unknown option
rpm --checksig --no --nogpg (the second option --no you suggested, was it a mistake?)
> --no : unkown option
rpm --checksig --nopgp
> --nopgp: unknown option

I am totally puzzled now. (I tried upgrading the rpm package from Red Hat, but found that it is the same version 4.1-1.06 as I have.) What do you think is happening? By the way, I tried to verify the rpm package using the rpm --K command and it works fine.
same problem just ignored it
I ran into the same issue with the exact same package. I never found a fix. I just ignored it (I know, not a great idea, especially when dealing with a security related program like keychain).
Mike
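Added example (not part of the original thread and not from the rpm project): a small shell helper that reads one line of `rpm -K` output, such as the line quoted in the first post, and separates "signing key not available" from "signature bad" and "package corrupt". The function name and verdict strings are hypothetical, the `example-1.0-1` lines are constructed, and the token convention in the comments is the classic rpm output format assumed here.

```bash
# Added example: classify one line of `rpm -K` (--checksig) output.
# Assumed token convention of the classic rpm output format:
#   lowercase (md5, gpg)  -> check passed
#   UPPERCASE (MD5, GPG)  -> check failed
#   in parentheses (GPG)  -> not checked: public key missing
# Body runs in a subshell "( ... )" so variables and `set -f` stay local.
classify_rpm_k() (
    set -f                      # no globbing while splitting tokens
    rest=${1#*: }               # drop the leading "<file>: "
    rest=${rest%%NOT OK*}       # drop the verdict and anything after it
    rest=${rest%% OK*}
    digest=absent sig=absent
    for tok in $rest; do
        case $tok in
            md5|sha1)         digest=ok ;;
            MD5|SHA1)         digest=bad ;;
            gpg|pgp)          sig=ok ;;
            GPG|PGP)          sig=bad ;;
            "(GPG)"|"(PGP)")  sig=nokey ;;
        esac
    done
    # Report the most serious finding first.
    if   [ "$digest" = bad ]; then echo corrupt        # damaged or altered file
    elif [ "$sig" = bad ];    then echo bad-signature  # key known, signature wrong
    elif [ "$sig" = nokey ];  then echo missing-key    # intact, signer unverified
    elif [ "$sig" = ok ];     then echo verified
    elif [ "$digest" = ok ];  then echo digest-only    # no signature checked
    else                           echo unparsed
    fi
)

# Sample lines: the first is the output quoted in the thread,
# the example-1.0-1 lines are constructed for illustration.
while IFS= read -r line; do
    printf '%-14s %s\n' "$(classify_rpm_k "$line")" "$line"
done <<'EOF'
keychain-2.0.2-1.noarch.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#302a3876)
example-1.0-1.noarch.rpm: md5 gpg OK
example-1.0-1.noarch.rpm: md5 GPG NOT OK
example-1.0-1.noarch.rpm: MD5 GPG NOT OK
example-1.0-1.noarch.rpm: md5 OK
EOF
```

A "missing-key" verdict means only the digest was confirmed, so the download is intact but its origin is still unverified.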