Robert Schiele wrote:

On Fri, Mar 05, 2004 at 10:08:10AM +0100, Rainer Lay wrote:

...

Hi,

whem I am signing rpms, the signed seems to be not OK:

...

faui6r [rpm-rainer/SRPMS] 46% rpm -K /tmp/rpm-rainer/RPMS/i586/iftop-0.16-0.pm.1.i586.rpm /tmp/rpm-rainer/RPMS/i586/iftop-0.16-0.pm.1.i586.rpm: sha1 md5 OK faui6r [rpm-rainer/SRPMS] 47% rpm --addsign /tmp/rpm-rainer/RPMS/i586/iftop-0.16-0.pm.1.i586.rpm Enter pass phrase: Das Passwort ist richtig. /tmp/rpm-rainer/RPMS/i586/iftop-0.16-0.pm.1.i586.rpm: faui6r [rpm-rainer/SRPMS] 48% rpm -K /tmp/rpm-rainer/RPMS/i586/iftop-0.16-0.pm.1.i586.rpm /tmp/rpm-rainer/RPMS/i586/iftop-0.16-0.pm.1.i586.rpm: (SHA1) DSA sha1 md5 GPG NOT OK

Whats wrong? My key ID is 0xCD3140CD This key is imported with rpm --import rainer.asc

rpm is version rpm-4.1.1-71

Any hints?

RPM also had problems with my key. It did not issue any errors or warnings on importing it, but could not handle it. It didn't even get the key id right. After some investigation of the problem I found that it was confused by some subpackages in my key. Thus I built a version of my public key that only included the key itself, the primary uid and one self signature. This short version of my public key made rpm happy.

What is "rpm -qa 'gpg-pubkey-*'" telling you? Did it get your key id right?

rtower [lib/rpm] 21# rpm -qa 'gpg-pubkey*' gpg-pubkey-cd3140cd-3eca95d5 gpg-pubkey-cd3140cd-3d468b40 Fehler: rpmdbNextIterator: skipping h# 666 Header V3 DSA signature: BAD, key ID cd3140cd Fehler: rpmdbNextIterator: skipping h# 573 Header V3 DSA signature: BAD, key ID cd3140cd Fehler: rpmdbNextIterator: skipping h# 860 Header V3 DSA signature: BAD, key ID cd3140cd Fehler: rpmdbNextIterator: skipping h# 956 Header V3 DSA signature: BAD, key ID cd3140cd gpg-pubkey-cd3140cd-3eca95d5 gpg-pubkey-9c800aca-39eef481 gpg-pubkey-cd3140cd-3eca95d5 gpg-pubkey-3d25d3d9-36e12d04 gpg-pubkey-cd3140cd-3d468b40 Fehler: rpmdbNextIterator: skipping h# 972 Header V3 DSA signature: BAD, key ID cd3140cd rtower [lib/rpm] 22# It looks like rpm is importing each signature as individual key! So I had to delete my own keys rpm the rpm database: rpm -e --allmatches gpg-pubkey-cd3140cd-3eca95d5 rpm -e --allmatches gpg-pubkey-cd3140cd-3d468b40 Than, I created a key export WITHOUT signatures and imported that in rpm. Now it looks ok. Thanx to Robert. rgds, Rainer