verifying redhat rpms with gpg

tomg@iaw.on.ca tomg@iaw.on.ca
Thu, 21 Oct 1999 18:33:39 +0000


--W/nzBZO5zC0uMSeA
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

You actually have the GnuPG signature, this is good for checking
gnupg-1.0.0.tar.gz.asc, for example.

The redhat RPM will use a redhat signature (avialable on their
website/ftp site), you need to add that key, and then it should
work.

Also make sure that RPM knows how to use GPG (eg, does it know the
path there, or is it still looking for PGP).

Hope that helps,
TomG




>Hi
>
>I would like to verify redhat rpms with gpg, but I can't seem to get the
>key verification to work.=20
>
>On my Redhat 6.0 machine I downloaded and installed=20
>
>gnupg-1.0.0-1rh6.i386.rpm
>pgpgpg-0.13-1.i386.rpm
>
>then saved the key from http://www.gnupg.org/gnupg-sigkey.asc
>
>as /etc/gpgkey
>
>then issued
>
>gpg /etc/gpgkey
>
>This returned:=20
>
>pub 1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) <dd9jn@gnu.org>
>
>But when I tried to verify an rpm package with gpg, it still returned
>the error to me:=20
>
>>rpm -K lpr-0.44-1.i386.rpm
>lpr-0.44-1.i386.rpm: size md5 GPG NOT OK
>
>Note that I am rather confident the rpm is Ok - It comes from an AUSCERT
>link, has been installed for a couple of days and works fine. So I think
>there still is something wrong with my installation of the gpg
>verification system.=20
>
>Any help will be most appreciated.=20
>
>Thanks
>
>Hugo=20
>
>--=20
>Dr Hugo Bouckaert - Systems Administrator, Computer Science UWA
>Tel: +(61 8) 9380 2878 / Fax: +(61 8) 9380 1089
>Email: hugo@cs.uwa.edu.au / Web: http://www.cs.uwa.edu.au/~hugo
>
>
--W/nzBZO5zC0uMSeA Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (Linux) Comment: For info see http://www.gnupg.org iD8DBQE4D1yDeft5KNi607wRAuzgAJ95NkjybIE032NRmhQ461O1ttyQZgCdFODt wkCTaeOqvW4Q0uZDXeW92ak= =Sn5q -----END PGP SIGNATURE----- --W/nzBZO5zC0uMSeA--