On Fri, 2004-07-23 at 08:01, Michel Salim wrote: > I checked fedora-installdevkeys and it seems to just perform rpm > --root ~/.fedorarpm --import PUBKEY; so after downloading the > developer's public key (gpg --recv-keys 1b4259b3 ; gpg --export > --armor 1b4259b3 > PUBKEY) I did just this. > > rpmlint'ing or fedora-rpmchecksig'ing the .src.rpm kept giving a > MISSING KEY warning though. What did I do wrong? rpmlint does not use ~/.fedorarpm, so MISSING KEY is expected with it. fedora-rpmchecksig does use it, but in order to successfully import some keys, after retrieving it from a keyserver one may have to "strip" extra signatures (ie. all but the self-signature) and/or identities from it due to a bug in rpm: https://bugzilla.redhat.com/90952 This is not specific to fedora-rpmchecksig BTW, but applies to rpm and GPG keys in general. People have posted utilities for doing the key stripping to bugzilla.fedora.us and elsewhere, maybe we should include one of those in rpmdevtools.
