On Fri, Apr 11, 2003 at 09:25:43AM +0100, Matt Gibson wrote:

...

what does rpm -v --checksig <some.rpm> tell you?

That works fine; it doesn't seem to be the md5 checksum signature, but the pgp signature of the package that's the problem.

rpm -v --checksig _does_ verify the gpg sig, too. if it does not tell you about gpg at all, then either there is no gpg sig, or it could not find gpg executable/libs (don't know if it uses only some lib routines, or the executable). in the later case, the suggested symlink from /usr/bin/gpg to /usr/local/bin/gpg could help. Lars