Hi Martin,
It turns out that the key created by
KEY="$HOME/.ceph-workbench/release-team-key.asc"
if ! test -f $KEY ; then
printf "Key-Type: 1\nKey-Length: 2048\nSubkey-Type: 1\nSubkey-Length: 2048\nName-Real: Release Team\nName-Email: contact@xxxxxxxx\nExpire-Date: 0" | GNUPGHOME=~/.ceph-workbench gpg --batch --gen-key
GNUPGHOME=~/.ceph-workbench gpg --export --armor > $KEY
fi
cannot be used to verify RPM packages: rpm -K on the signed package claims the 69C8876E key is missing. It turns out to be related to the subkey.
--------------------------------------------
pub 2048R/B8F1ACED 2016-03-11
Key fingerprint = 7FEB E845 6F19 153B AAFC 2810 4597 2ACD B8F1 ACED
uid A Contributor <generous@xxxxxxxx>
sub 2048R/69C8876E 2016-03-11
rpm -K complains that the 69C8876E key is not available. After removing the subkey 69C8876E with gpg --edit-key and signing the RPM again, rpm -K is happy. This does not make any sense to me and I suspect there is an expert explanation that justify this behavior. The sensible way out seems to create a passwordless key with no subkey to avoid that problem. Do you happen to know how that can be done ?
Cheers
--
Loïc Dachary, Artisan Logiciel Libre
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
