rpm --nosignature reversed meaning
Tomasz Pala
gotar at polanet.pl
Tue Aug 30 11:57:28 CEST 2016
On Tue, Aug 30, 2016 at 11:50:45 +0200, Tomasz Pala wrote:
>> D: PUB: AF3F93BC E4F1BC2D V4 DSA
>> D: SIG: AF3F93BC E4F1BC2D V4 DSA-SHA1 POSITIVE
>> D: PUB: 732FDFDE EAE6F8B8 V4 RSA
>> D: SIG: 732FDFDE EAE6F8B8 V4 RSA-SHA1 POSITIVE
>> D: UID: RSApub (PLD Linux Distribution 3.0 (Th)) <th-admin at pld-linux.org>
>> D: ========== DSA pubkey id af3f93bc e4f1bc2d (h#968[0])
>> error: keepassx-2.0.2-2.x86_64.rpm: Header V4 DSA signature: BAD, key ID e4f1bc2d
>>
>> Am I simply wrong, or is it the same DSA key signature with different results?
>
> http://ha.pool.sks-keyservers.net/pks/lookup?op=hget&search=5B9E545012899D925DE92F364995E354
[...]
> from this place rpm -qi gpg-pubkey follows (additional lines):
>
> hUsAoJ44g5TWhmvGqXUiDOIAjfw6QXSvAKCLWEANVGfXOihK7zxAMvXqZj2wepiNBEezUgYB
> BADTsxN1pG5XtEcXwLayVtr1frEKNIE5ckWmKxx8040/ql+p9tzWtteRL5uAh5VbtfdQnFt4
> gFoZJPsm1zMFsx9+LhV5nm5ZIowztde3vxyxCRuO90+PJy+N2DFHmIQMeuDzATN6O8VKUO2K
> 1yzAaMmZdPC56cEidSjg9M95v/814wARAQABtEFSU0FwdWIgKFBMRCBMaW51eCBEaXN0cmli
> dXRpb24gMy4wIChUaCkpIDx0aC1hZG1pbkBwbGQtbGludXgub3JnPoi2BBMBAgAgBQJHs1IG
> AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQcy/f3urm+Lg8dwP7BdZCN5OTnwbwskRo
> Ae4Hxs9t9hxW05maLJD5zyQTm+eL2o2uvIkzq67soB2aUVNPm0RCqnzh99BaqQSAGj4bpBcj
> eFup2mhGy706QS6eaVl9cNigsfi3ehvAE5Qd5N5V12olY4Sik7q/F9MH+F/GAiPRdCpzLM2x
Apparently rpm concatenated DSA with RSA and uses it as a single key:
~: rpm -qi gpg-pubkey
Summary : gpg(RSApub (PLD Linux Distribution 3.0 (Th)) <th-admin at pld-linux.org>)
while this is DSA+RSA.
--
Tomasz Pala <gotar at pld-linux.org>
More information about the pld-devel-en
mailing list