Mailinglist Archive: opensuse-security (109 mails)

< Previous Next >
RE: [suse-security] APT & RPM signatures
  • From: "Carlos E. R." <robin1.listas@xxxxxxxxxx>
  • Date: Thu, 2 Mar 2006 11:35:59 +0100 (CET)
  • Message-id: <Pine.LNX.4.61.0603021122110.28408@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


El 2006-03-02 a las 08:38 -0000, Administrator escribió:

> > You forgot to email to the list.
>
> Corrected.

Somehow, this one did not make to the list, unknown reason. Anyway, I'll
email to list with private copy to you, so that others can contribute.


>>> Suffice to say that I have 2 sig keys missing, IDs 8750d2c4 and
>>> 2e80fbc2. I can't find rpmkey rpms for them. I have found the keys
>>> and downloaded them. They load into Kgpg on the SuSE box without
>>> complaint. RPM ignores them after import - key IDs not listed in 'rpm
>>> -qa gpg-pubkey*'. Errors continue. Can't do apt dist-upgrade without
>>> turning off sig checking. Bad.
>>> :-{
>>
>>
>> Suposedly, you have to import them with:
>>
>> rpm --import public-key-file.asc
>>
>> as root. I don't think Kgpg will inport them to the proper place
>
> I tried rpm --import. It didn't have any noticeable effect, nor did it
> produce any errors. I don't know what to try next ...

Then, the only thing you can try is (according to the man page):

rpm -qa gpg-pubkey*

that should list all signatures available - it seems that all of them are
of that pattern and get listed that way, there doen't seem to be a
specific command to list only signatures regardless of pattern. Funny.

Then,

rpm -qi gpg-pubkey-db42a60e

would give details about that key. With:

rpm --checksig package.rpm

you check all digests signatures contained in package.rpm. Finally, you
can try to remove the signature, in case it is badly imported:

rpm -e gpg-pubkey-db42a60e

More than that, I simply do not know. I assume you have updated your
system recently with YOU, there has been a patch correcting a "nasty" bug
(IMHO) related to signature checking of rpms.

Broken database perhaps? Try --rebuilddb then...


- --
Saludos
Carlos Robinson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFEBsqatTMYHG2NR9URArF/AJ9nMG6ISku/BiHEzFynZsZ7WlJ45gCeLD6X
+bW2+9sLIr+OWzCTO+2BltI=
=5ZNA
-----END PGP SIGNATURE-----
< Previous Next >