FedoraForum.org - View Single Post - Why can't I sign an RPM package with my GPG key?

KevinDrums · #3 15th April 2012, 09:23 PM

That worked! I signed my packages. Then I tried to verify the signatures. Earlier I did:

Code:

gpg --export -a cb31ebcc > kevinc-cb31ebcc.key
sudo rpm --import kevinc-cb31ebcc.key

That used to be enough years ago. But, I would now get

Code:

rpm --checksig ../homebrew/fedora/16/noarch/*
../homebrew/fedora/16/noarch/rmmr-1.8-3kc_fc16.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#cb31ebcc) 
../homebrew/fedora/16/noarch/sharmail-1.6-3kc_0tek_fc16.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#cb31ebcc)

It appears that I now also need to copy the key

Code:

sudo cp kevinc-cb31ebcc.key /var/lib/rpm/pubkeys/

Now I get

Code:

rpm --checksig ../homebrew/fedora/16/noarch/*
../homebrew/fedora/16/noarch/rmmr-1.8-3kc_fc16.noarch.rpm: (sha1) dsa sha1 md5 gpg OK
../homebrew/fedora/16/noarch/sharmail-1.6-3kc_0tek_fc16.noarch.rpm: (sha1) dsa sha1 md5 gpg OK

Thanks!

---------- Post added at 01:23 PM ---------- Previous post was at 01:06 PM ----------

It turns out that putting my keys into /var/lib/rpm/pubkeys to get 'rpm --checksig' working ends up breaking 'yum update'.

http://forums.fedoraforum.org/showpo...49&postcount=3

So, I tried 'sudo gpg --import kevinc-cb31ebcc.key' which works to get 'rpm --checksig' working. I'll have to wait for the next set of updates to see if these keys broke that.

A long time ago having root import my GPG keys didn't work very well. See here http://www.mombu.com/gnu_linux/red-h...-11049416.html

Thanks....