On 31/05/2021 09.54, Roger Oberholtzer wrote:
If I download a package from Packman and install it
directly, I get
libvo-amrwbenc0-0.1.3-pm151.1.4.x86_64 (Plain RPM files cache):
Signature verification failed [4-Signatures public key is not
Of course if I add the repository this is all managed. But if I want
to just install the RPM direct, is there a package with the
certificates that I can install so this message is not given?
Now, this is an interesting question.
I just looked at man zypper, and did not find a way to export gpg keys,
with the intention to import them again on rpm command.
There is "/var/cache/zypp/pubkeys/", but it is empty.
Of course, if you know the identifier of a key and it is published, you
could download it from the gpg servers.
rpm has the command "rpmkeys" to handle keys. --import and --checksig,
display imported keys:
rpm -qa gpg-pubkey*
But it does not say who each key belongs to. Ah, "rpm -qi key", with a
key obtained in the previous command, gives info on the key and displays
the key block itself. And "rpm -qf key" tries to print where the key is
Telcontar:/var/cache/zypp # rpm -qf gpg-pubkey-eefefde9-58999f26
error: file /var/cache/zypp/gpg-pubkey-eefefde9-58999f26: No such file
Telcontar:/var/cache/zypp # ls /var/cache/zypp/gpg-pubkey*
ls: cannot access '/var/cache/zypp/gpg-pubkey*': No such file or directory
cer@Telcontar:~> zypper search --installed-only gpg-pubkey*
Loading repository data...
Reading installed packages...
No matching items found.
There is "openSUSE-build-key" package, though (Summary: The public gpg
keys for rpm package signature verification). It contains:
So, /usr/lib/rpm/gnupg/keys contains keys, Three keys in my case.
Cheers / Saludos,
Carlos E. R.
(from 15.2 x86_64 at Telcontar)