LinuxQuestions.org - rpm gpg verification problem

- Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)

- - rpm gpg verification problem (https://www.linuxquestions.org/questions/linux-general-1/rpm-gpg-verification-problem-117626/)

rpm gpg verification problem

Hi,

I was trying to install a thridparty program (keychain from gentoo.org/proj/en/keychain.xml)
according to the instructions on the website, I tried to verify the downloaded rpm as follows:
bash-2.05b# gpg --keyserver pgp.mit.edu --recv-key
302A3876
gpg: /root/.gnupg: directory created
gpg: /root/.gnupg/options: new options file created
gpg: you have to start GnuPG again, so it can read the new
options file
bash-2.05b# gpg --keyserver pgp.mit.edu --recv-key
302A3876
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: requesting key 302A3876 from HKP keyserver
pgp.mit.edu
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 302A3876: public key imported
gpg: Total number processed: 1
gpg: imported: 1

rpm -K keychain-2.0.2-1.noarch.rpm
keychain-2.0.2-1.noarch.rpm: md5 (GPG) NOT OK (MISSING
KEYS: GPG#302a3876)

It seems that somehow redhat rpm program can not find the gpg keys created by gpg program.

Any help would be appreciated.

Something probably has gone wrong on your side. I just tried it (as non-root user) w/o probs. Two paths to check: first of all you just seem to have installed GPG, maybe check your config settings. Second, do a "rpm --checksig --no --nogpg" to verify at least the MD5sum is correct, if it isn't then you downloaded a b0rken rpm.

thanks unSpawn,

I did exactly what you suggested, but things are getting more and more strange!

in the rpm man page --nogpg (and --nopgp) are listed.

however, when i do one of the following:

rpm --checksig --nogpg
> --nogpg: unknown option
rpm --checksig --no --nogpg (the secound option --no you suggested was it a mistake)
> --no : unkown option
rpm --checksig --nopgp
> --nopgp: unknown option

I am totally puzzelled now. (Tried upgrading rpm package from redhat, but found that it is same version 4.1-1.06 as i have )

What do you think is happening.

by the way i tried to verify rpm package using rpm --K command and it works fine.

same problem just ignored it

I ran into the same issue with the exact same package. I never found a fix. I just ignored it (I know, not a great idea, especially when dealing with a security related program like keychain).

Mike