rpm --nosignature reversed meaning
Tomasz Pala
gotar at polanet.pl
Tue Aug 30 13:03:25 CEST 2016
Since we got the answer for this issue - th-admin, please publish separate GPG files.
As for the reversed meaning of --nosignature, assistance required.
Or RFC on enabling them unconditionally, following upstream rpm5.
On Tue, Aug 30, 2016 at 06:56:11 -0400, Jeffrey Johnson wrote:
>>> http://pld-devel-en.pld-linux.narkive.com/ZssnN7t4/rpm-va-bad-key-id
>> [...]
>> The same problem, but completely wrong diagnosis.
>>
>> ~: rpm --import PLD-3.0-Th-GPG-keyRSA.asc
>> ~: rpm --import PLD-3.0-Th-GPG-keyDSA.asc
>> ~: rpm -q gpg-pubkey
>> gpg-pubkey-e4f1bc2d-47b351f0
>> gpg-pubkey-eae6f8b8-47b35206
>>
>> That should be done when importing PLD-3.0-Th-GPG-key.asc - two distinct
>> keys, DSA and RSA. As you see I split them manually and now it verifies
>> correctly, so rpm simply can't handle properly multi-key import.
>>
>
> Yep: RPM has never handled subkeys nor concatenated armored pubkeys.
>
> So
> Don???t do that!
> (i.e. use separate imports for each pubkey instead) should suffice.
--
Tomasz Pala <gotar at pld-linux.org>
More information about the pld-devel-en
mailing list