rpm --nosignature reversed meaning

Tomasz Pala gotar at polanet.pl
Tue Aug 30 12:57:53 CEST 2016


On Tue, Aug 30, 2016 at 05:56:43 -0400, Jeffrey Johnson wrote:

> The 2 line snippet is DNS to port 53 ??? disabling hkp:// is an entirely different
> functionality than disabling signature verification.

I didn't want to disable it (on contrary, I need them to be
unconditional), just to make them local.

>> ~: rpm -qp --nosignature  keepassx-2.0.2-2.x86_64.rpm	(reversed meaning in query mode bug)
>> error: keepassx-2.0.2-2.x86_64.rpm: Header V4 DSA signature: BAD, key ID e4f1bc2d
>> error: reading keepassx-2.0.2-2.x86_64.rpm manifest, non-printable characters found
>> 
> 
> Um, I believe I???ve used that pubkey ??? see if there isn???t a report from
> spring 2015 on pld-devel ??? the issue was that the RSA fingerprint was
> fixed and so that pubkey had to be reimported. I???ve forgotten ???
> 
> What version of rpm is this?

rpm-5.4.15-35.x86_64 - this is completely fresh system, commands run for
the first time, so no keys imported before, no leftovers.

>> ~: diff PLD-3.0-Th-GPG-key.asc /etc/pki/rpm-gpg/PLD-3.0-Th-GPG-key.asc 
> 
> Try removing and reimporting.

Doesn't work until I manually split this into RSA and DSA.

>> (BTW this key is not automatically imported to rpm database).
> 
> No pubkey is automatically imported by RPM, particularly those retrieved from hkp://
> or externally generated signatures.

It would be nice to have some tool to import from hkp:// directly. I did
lynx/wget/vi magic to fetch them, how to do this straight from cmdline?

> Anyways if you give me a URL to the pubkey and a package signed with that pubkey, I???ll
> (again) sort out the details.

I'm using
ftp://ftp.th.pld-linux.org/dists/th/PLD-3.0-Th-GPG-key.asc
ftp://ftp.th.pld-linux.org/dists/th/PLD/x86_64/RPMS/keepassx-2.0.2-2.x86_64.rpm

-- 
Tomasz Pala <gotar at pld-linux.org>


More information about the pld-devel-en mailing list