rpm --nosignature reversed meaning
n3npq at me.com
Tue Aug 30 12:56:11 CEST 2016
> On Aug 30, 2016, at 6:44 AM, Tomasz Pala <gotar at polanet.pl> wrote:
> On Tue, Aug 30, 2016 at 06:30:24 -0400, Jeffrey Johnson wrote:
>>> But I believe the PLD-Th-GPG issue was discussed in spring 2015 on pld-devel.
>> This was the issue I was remembering:
>> That specific issue was resolved by disabling
>> signature verification during ???verify, largely
>> to avoid reimporting PLD-Th-GPG which was
>> Meanwhile, many RSA issues were repaired between
>> rpm-5.4.14 and rpm-5.4.15.
>> So issues with RSA are ???expected???.
> The same problem, but completely wrong diagnosis.
> ~: rpm --import PLD-3.0-Th-GPG-keyRSA.asc
> ~: rpm --import PLD-3.0-Th-GPG-keyDSA.asc
> ~: rpm -q gpg-pubkey
> That should be done when importing PLD-3.0-Th-GPG-key.asc - two distinct
> keys, DSA and RSA. As you see I split them manually and now it verifies
> correctly, so rpm simply can't handle properly multi-key import.
Yep: RPM has never handled subkeys nor concatenated armored pubkeys.
Don’t do that!
(i.e. use separate imports for each pubkey instead) should suffice.
Traditionally RPM truncated a pubkey to only a single packet, but
now imports the entire set of packets which — if malformed —
will lead to some surprises.
Note that there are many malformed/misused pubkeys even on sky key servers:
its not clear how to filter blobs appropriately. WYSIWYG is as good as random
pruning. Diagnosis is far more difficult with actively filtered packets as well.
> Please stop guessing about my guessings, just do the commands.
Um, I’m not sure how an import into rpm-5.4.18 on El Capitan (what I have at hand)
has any relevance to a PLD issue. I don’t normally run PLD here.
73 de Jeff
> Tomasz Pala <gotar at pld-linux.org>
> pld-devel-en mailing list
> pld-devel-en at lists.pld-linux.org
More information about the pld-devel-en