rpm --nosignature reversed meaning
Tomasz Pala
gotar at polanet.pl
Tue Aug 30 12:44:25 CEST 2016
On Tue, Aug 30, 2016 at 06:30:24 -0400, Jeffrey Johnson wrote:
>> But I believe the PLD-Th-GPG issue was discussed in spring 2015 on pld-devel.
>
> This was the issue I was remembering:
>
> http://pld-devel-en.pld-linux.narkive.com/ZssnN7t4/rpm-va-bad-key-id
>
> That specific issue was resolved by disabling
> signature verification during ???verify, largely
> to avoid reimporting PLD-Th-GPG which was
> ???unacceptable???.
[...]
> Meanwhile, many RSA issues were repaired between
> rpm-5.4.14 and rpm-5.4.15.
>
> So issues with RSA are ???expected???.
The same problem, but completely wrong diagnosis.
~: rpm --import PLD-3.0-Th-GPG-keyRSA.asc
~: rpm --import PLD-3.0-Th-GPG-keyDSA.asc
~: rpm -q gpg-pubkey
gpg-pubkey-e4f1bc2d-47b351f0
gpg-pubkey-eae6f8b8-47b35206
That should be done when importing PLD-3.0-Th-GPG-key.asc - two distinct
keys, DSA and RSA. As you see I split them manually and now it verifies
correctly, so rpm simply can't handle properly multi-key import.
Please stop guessing about my guessings, just do the commands.
--
Tomasz Pala <gotar at pld-linux.org>
More information about the pld-devel-en
mailing list