verifying rpms - public key not found

Chris cpollock at embarqmail.com
Fri Jul 3 16:02:19 CEST 2009


On Fri, 2009-07-03 at 09:57 +0200, Michel Messerschmidt wrote:
> On Fri, July 3, 2009 07:21, Daniel Kahn Gillmor wrote:
> > On 07/03/2009 12:04 AM, Chris wrote:
> >> [chris at localhost ~]$ gpg --check-sig /home/chris/ClamStuff/clamav-0.94.1-0.1.101mdk.i586.rpm
> >> gpg: using PGP trust model
> >> gpg: key 98E6705C: accepted as trusted key
> >> gpg: error reading key: public key not found
> >
> > You're probably interested in something like gpg --verify, but i don't
> > know exactly how signed .rpms work (i work with .debs mostly, which have
> > external signatures), so hopefully someone else can pipe up with the
> > specifics.
> 
> rpm provides its own verification command:
> rpm -v --checksig <rpm-file>
> 
> It won't succeed though if your key is only available in the gnupg keyring
> but was not imported into the rpm database - that's what the "rpm --import"
> command is used for.
> 
> 
> Michel
> 
Thank you Michel, I was using the wrong command. 

[chris at localhost ~]$ rpm -v --checksig /home/chris/ClamStuff/clamav-0.94.1-0.1.101mdk.i586.rpm
/home/chris/ClamStuff/clamav-0.94.1-0.1.101mdk.i586.rpm:
    Header V4 DSA signature: OK, key ID 98e6705c
    Header SHA1 digest: OK (bb1fc6b767ada68c62ee0c077aa44ccebfe0813d)
    MD5 digest: OK (90f2920ee1c6855c8657928d31a2dacd)
    V4 DSA signature: OK, key ID 98e6705c

And now I see that when trying to sign an rpm I get:

[chris at localhost ~]$ rpmbuild -bs -v --sign /home/chris/rpm/SPECS/clamav.spec
Enter pass phrase: 
gpg: skipped "Chris Pollock (New email address as of 04/21/07) <cpollock at embarqmail.com>": secret key not available
gpg: signing failed: secret key not available
Pass phrase check failed

I'm confused now as to why it says this; --list-keys shows this:

[chris at localhost ~]$ gpg --list-keys cpollock at embarqmail.com
gpg: using character set `utf-8'
gpg: using PGP trust model
gpg: key 98E6705C: accepted as trusted key
pub   1024D/98E6705C 2005-11-23
uid                  Chris Pollock (New email address as of 04/21/07) <cpollock at embarqmail.com>
uid                  Chris Pollock <cpollock at earthlink.net>
sub   2048g/F5604046 2005-11-23

Thought I'd re-import my secret key and got this:

gpg: sec  1024D/98E6705C 2005-11-23   Chris Pollock <cpollock at earthlink.net>
gpg: key 98E6705C: already in secret keyring
gpg: Total number processed: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1

Why is my old email address still shown? 

Chris

-- 
KeyID 0xE372A7DA98E6705C
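
Added example, not part of the original message or of rpm itself: a small shell function that classifies `rpm -v --checksig` output, separating a good signature from the case Michel describes, where rpm reports NOKEY because the key was never loaded with `rpm --import`. The function name and result labels are assumptions; SAMPLE_OK is the output quoted above and SAMPLE_NOKEY is constructed from it.

```sh
#!/bin/sh
# Usage: rpm -v --checksig pkg.rpm | check_rpm_sig_output KEYID
# Prints OK, NOKEY (key not in the rpm database), WRONGKEY, UNSIGNED or BAD;
# exit status is 0 only for OK.
check_rpm_sig_output() {
    awk -v want="$1" '
    BEGIN { want = tolower(want); sub(/^0x/, "", want) }
    /^ +[^:]+: / {
        split($0, part, ": ")        # part[1] = check name, part[2] = result
        status = part[2]; sub(/[ ,].*/, "", status)
        if (part[1] ~ /signature$/) {
            sigs++
            id = tolower($NF)        # signature lines end in the key ID
            # rpm may print a short ID and the caller a long one: compare the
            # common suffix (short IDs can collide, so pass the longest ID)
            n = (length(id) < length(want)) ? length(id) : length(want)
            if (n == 0 || substr(id, length(id) - n + 1) != substr(want, length(want) - n + 1))
                wrong = 1
            if (status == "NOKEY") nokey = 1
            else if (status != "OK") bad = 1
        } else if (status != "OK") bad = 1
    }
    END {
        if (bad) r = "BAD"
        else if (!sigs) r = "UNSIGNED"   # digests alone prove nothing about origin
        else if (wrong) r = "WRONGKEY"
        else if (nokey) r = "NOKEY"
        else r = "OK"
        print r
        exit (r == "OK" ? 0 : 1)
    }'
}

# Sample input: the rpm output quoted in this message.
SAMPLE_OK='/home/chris/ClamStuff/clamav-0.94.1-0.1.101mdk.i586.rpm:
    Header V4 DSA signature: OK, key ID 98e6705c
    Header SHA1 digest: OK (bb1fc6b767ada68c62ee0c077aa44ccebfe0813d)
    MD5 digest: OK (90f2920ee1c6855c8657928d31a2dacd)
    V4 DSA signature: OK, key ID 98e6705c'
# Constructed: the same output as rpm prints it when the key was not imported.
SAMPLE_NOKEY=$(printf '%s\n' "$SAMPLE_OK" | sed 's/signature: OK/signature: NOKEY/')

printf '%s\n' "$SAMPLE_NOKEY" | check_rpm_sig_output 0xE372A7DA98E6705C ||
    echo "not verified; on NOKEY, load the signer's public key with rpm --import"
```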


More information about the Gnupg-users mailing list