verifying rpm's with GnuPG

H. Wade Minter minter@lunenburg.org
Fri, 14 Jul 2000 11:25:08 -0400 (EDT)


Did you get Red Hat's public key and add it to your keyring before
attempting to verify the packages?

On Fri, 14 Jul 2000, John O'Brien wrote:


> Hi,
>
> I'm in the process of upgrading my Red Hat Linux kernel by
> downloading 6 rpm files from
> http://www.redhat.com/support/errata/RHBA-2000018-10.html
> and following the instructions at
> http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html
>
> Among which is a command to confirm the rpm's...
>
> rpm -K --nopgp *.rpm
>
> which gives me (for example)
>
> kernel-headers-2.2.14-12.i386.rpm: md5 GPG NOT OK
>
> I've managed to figure out that GPG refers to GnuPG which I've
> obtained and installed, again via rpm, from the Red Hat site.
>
> Now, my question is what do I do now? All 6 kernel.rpm's give me
> this message and took ages to download. Do I really have to try
> to download them all again or is there some configuration I have
> to do with the GnuPG package? I've tried looking at the manpages
> and an online manual http://www.gnupg.org/gph/en/manual/book1.html
> but, to be honest, I find them both pretty opaque.
>
> Thanks in advance for any help, please CC jkobrien@rcsi.ie,
>
>
> John O'Brien
>
> p.s. rpm -q rpm gnupg
>