On 11/22/2011 08:44 PM, Andre Robatino wrote: > Andre Robatino<robatino<at> fedoraproject.org> writes: > >> The old keys are available at https://fedoraproject.org/en/keys under "OBSOLETE >> KEYS" if you want to download and import them. > > Should add that by default yum checks RPMs against ANY of your imported keys, so > you should probably uninstall obsolete keys like this after using them. > Importing a key creates a package with a name like > "gpg-pubkey-a82ba4b7-4e2df47d" which you can remove in the usual way. You can > identify which key is which by running "rpm -qi gpg-pubkey-a82ba4b7-4e2df47d | > grep ^Summary", for example. I filed > https://bugzilla.redhat.com/show_bug.cgi?id=422221 a long time ago for yum to > check that a package is signed with a specific repo's key, but it hasn't been > implemented yet. > Thanks Andre -- this worked great -- all of the rpms resolved to 'gpg ok'. I truncated one file as a test and it failed. I ran across this : http://fedoraproject.org/wiki/Enabling_new_signing_key ...but the link for the F9 new kwy is broken and the sha1sum on the web page doesn't match the fedora-release-9-5.transition.noarch.rpm in koji. http://kojipkgs.fedoraproject.org/packages/fedora-release/9/5.transition/noarch/fedora-release-9-5.transition.noarch.rpm My sha1sum says : 9374b20a8e30f6d0423e2ffaae0dc985333c2664 rpm -K passed for it and the fingerprint of the RPM-GPG-KEY-fedora-8-and-9 key matched OBSOLETES so I decided it was good and used it. --- John -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
