On Thu, 2004-03-04 at 23:37, Erik LaBianca wrote: > I run rpm --checksig on a package and get > > rpm --checksig perl-Example-Package-1.0-0.fdr.1.src.rpm > perl-Example-Package-1.0-0.fdr.1.src.rpm: (SHA1) DSA sha1 md5 (GPG) NOT > OK (MISSING KEYS: GPG#GPG_KEY_ID) > > So I run > > gpg --keyserver pgp.mit.edu --recv-key GPG_KEY_ID > gpg -a --export GPG_KEY_ID > /tmp/key && sudo rpm --import /tmp/key && > rm /tmp/key > > and now rpm -qa gpg-pubkey* reports a bunch of keys. > > However, rpm --checksig still fails. Why? Confusing, I know. It works if you use rpm instead of gpg to import the keys. rpm --import /usr/share/doc/fedora-release-1/RPM-GPG-KEY rpm --import /usr/share/doc/fedora-release-1/RPM-GPG-KEY-fedora > In addition, in trying to make this work, rpm now has several copies of > the same key installed. In addition, since they are duplicate, trying to > remove one with sudo rpm -e gpg-pubkey-version-release fails, saying > > error: "gpg-pubkey-54b2ad8b*" specifies multiple packages > > What gives? Known bug. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=68290 Have a look at the man page of rpm. Use --allmatches to remove all duplicates of a key at once.
Attachment:
signature.asc
Description: This is a digitally signed message part
