verifying rpm's with GnuPG
H. Wade Minter
Fri, 14 Jul 2000 11:25:08 -0400 (EDT)
Did you get Red Hat's public key and add it to your keyring before
attempting to verify the packages?
On Fri, 14 Jul 2000, John O'Brien wrote:
> I'm in the process of upgrading my Red Hat Linux kernel by
> downloading 6 rpm files from
> and following the instructions at
> Among which is a command to confirm the rpm's...
> rpm -K --nopgp *.rpm
> which gives me (for example)
> kernel-headers-2.2.14-12.i386.rpm: md5 GPG NOT OK
> I've managed to figure out that GPG refers to GnuPG which I've
> obtained and installed, again via rpm, from the Red Hat site.
> Now, my question is what do I do now? All 6 kernel.rpm's give me
> this message and took ages to download. Do I really have to try
> to download them all again or is there some configuration I have
> to do with the GnuPG package? I've tried looking at the manpages
> and an online manual http://www.gnupg.org/gph/en/manual/book1.html
> but, to be honest, I find them both pretty opaque.
> Thanks in advance for any help, please CC email@example.com,
> John O'Brien
> p.s. rpm -q rpm gnupg