John Allen <[EMAIL PROTECTED]> writes:
> > Check your urpmi configuration /etc/urpmi/urpmi.cfg, it often confuses
> > keys.
>
> OK gpg reports the keys from RPM-GPG-KEYS as
> pub 1024D/70771FF3 .... Mandrake Linux
>
> rpm tries to verify with a key 70771ff3
> urpmi has 9b4a4024
>
> I cannot even verify with rpm -K, even after an rpm --resign
1- verify you have the good keys in your pubkey:
[EMAIL PROTECTED] /tmp] rpm -q gpg-pubkey
gpg-pubkey-70771ff3-3c8f768f
gpg-pubkey-caba22ae-3cf2c469
First one is Mandrake one, second one, well I can't remember.
If you don't have Mandrake key right, export it from gpg and
import it in rpm, following instructions in the wiki. Warning,
the key in RPM-GPG-KEYS has id 70771ff3-3969e7de, it's an old
key[1].
You can verify you have the correct key by querying a package
(rpm -qp /path/to/a/recent/cooker/package.rpm). Here is the
output when rpm doesn't have the key in its pubkey ring:
[EMAIL PROTECTED] /tmp] rpm -qp /RPMS/frozen-bubble-1.0.0-6mdk.i586.rpm
warning: /RPMS/frozen-bubble-1.0.0-6mdk.i586.rpm: V3 DSA signature: NOKEY, key ID
70771ff3
frozen-bubble-1.0.0-6mdk
2- verify urpmi is configured to check medium "cooker" against
this right key id, either edit /etc/urpmi/urpmi.cfg for that[2]
or use "Manage keys" feature in a recent enough edit-urpm-media.
Output when everything is ok:
[EMAIL PROTECTED] ~] urpmi --test perl-SDL
installing /RPMS/perl-SDL-1.20.0-6mdk.i586.rpm
Preparing... ##################################################
Installation is possible
Output when key id for medium is incorrect in urpmi.cfg:
[EMAIL PROTECTED] ~] urpmi --test perl-SDL
The following packages have bad signatures:
/RPMS/perl-SDL-1.20.0-6mdk.i586.rpm: Invalid Key ID ((sha1) dsa sha1 md5 gpg
GPG#70771ff3 OK)
Do you want to continue installation ? (y/N)
Output when key id for medium is incorrect both for urpmi
and rpm:
[EMAIL PROTECTED] ~] urpmi --test perl-SDL
The following packages have bad signatures:
/RPMS/perl-SDL-1.20.0-6mdk.i586.rpm: Invalid signature ((SHA1) DSA sha1 md5 (GPG)
(MISSING KEY) GPG#70771ff3 NOT OK)
Do you want to continue installation ? (y/N)
Please note that when no key id is specified in urpmi config
file, no error message is output'ed by urpmi, provided rpm has
the key of course (for backwards compatibility).
Ref:
[1] Warly, time to update this file probably?
[2] Mine looks like:
cooker file://RPMS {
hdlist: hdlist.cooker.cz
with_hdlist: ../export/Mandrake/base/hdlist.cz
key-ids: 70771ff3
}
--
Guillaume Cottenceau - http://people.mandrakesoft.com/~gc/
