rpm --nosignature reversed meaning
Jan Rękorajski
baggins at pld-linux.org
Sun Sep 11 12:38:00 CEST 2016
On Sat, 10 Sep 2016, Tomasz Pala wrote:
> On Sat, Sep 10, 2016 at 11:41:46 +0300, Elan Ruusamäe wrote:
>
> >>> Since we got the answer for this issue - th-admin, please publish separate GPG files.
> >> Are we announcing PLD being dead? Current DSA+RSA GPG key is unusable
> >> for rpm, the one from FTP is being packaged, so it's also unusable.
> >> Nobody cares?
> >
> > and you really expecting th-admin picking up a task middle of huge
> > thread? you should had asked it from th-admin at pld-linux.org (or at least
> > cc:).
>
> Indeed, forgot to do so.
>
> > i don't bother understanding what this topic is about -- packages
> > install for me.
>
> RPM doesn't support subkeys, but we do not provide separate DSA key. Easy to test:
>
> 1. disable using keyserver: %_hkp_keyserver %{nil}
> 2. import joined key we do provide:
> rpm --import /etc/pki/rpm-gpg/PLD-3.0-Th-GPG-key.asc
> 3. try to verify any PLD package.
>
> > but, i could upload the files if you make concrete request with details
> > what needs to be done,
>
> GPG key that is being used for package signing needs to published (the
> public part of course). Note the singular 'key', NOT plural 'keyS'. One
> per file, if there are multiple keys used. Currently
> ftp://ftp.pld-linux.org/dists/3.0/PLD-3.0-Th-GPG-key.asc provides two
> (however I haven't seen any package signed by RSA one, AFAIR.)
Done.
I removed RSA key from the ftp://ftp.pld-linux.org/dists/3.0/PLD-3.0-Th-GPG-key.asc
file, as we indeed sign only with DSA key.
--
Jan Rękorajski | PLD/Linux
SysAdm | baggins<at>pld-linux.org | http://www.pld-linux.org/
More information about the pld-devel-en
mailing list