I'm trying to include documentation for gpg signature checking in my quickstart guide at http://www.ilsw.com/~erik/fedora-qa-quickstart.html. I'm not sure why this isn't working, but maybe someone can help me. I run rpm --checksig on a package and get rpm --checksig perl-Example-Package-1.0-0.fdr.1.src.rpm perl-Example-Package-1.0-0.fdr.1.src.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#GPG_KEY_ID) So I run gpg --keyserver pgp.mit.edu --recv-key GPG_KEY_ID gpg -a --export GPG_KEY_ID > /tmp/key && sudo rpm --import /tmp/key && rm /tmp/key and now rpm -qa gpg-pubkey* reports a bunch of keys. However, rpm --checksig still fails. Why? In addition, in trying to make this work, rpm now has several copies of the same key installed. In addition, since they are duplicate, trying to remove one with sudo rpm -e gpg-pubkey-version-release fails, saying error: "gpg-pubkey-54b2ad8b*" specifies multiple packages What gives? Thanks --erik
