* Joachim Schrod schrieb am 15.03.11 um 14:51 Uhr: > Hi, Hi Joachim,
> > I still have issues with the Packman signing key. > > A few days ago, problems during zypper refresh were mentioned, > because repomd.xml.key was defect. This is *NOT* the issue I want > to bring up. But it might be the same issue that John Field brought > up at 2011-03-10. > > I'm using openSUSE 11.1. But, AFAICS, that's not relevant; the same > error happens with downloaded 11.4 packages. > > During update, RPM complains about packet signatures, e.g., for libavutil50: > libavutil50-0.6.201103092102git-1.pm.2.1.i586.rpm: Header V4 > RSA/SHA1 signature: BAD, key ID 1abd1afb > And, sure enough: > # rpm -Kv libavutil50-0.6.201103092102git-1.pm.2.1.i586.rpm > libavutil50-0.6.201103092102git-1.pm.2.1.i586.rpm: > Header V4 RSA/SHA1 signature: BAD, key ID 1abd1afb > Header SHA1 digest: OK (6a5712c079b4a93926cf4ea33caa4f46fc7aa3b4) > V4 RSA/SHA1 signature: BAD, key ID 1abd1afb > MD5 digest: OK (083f96f42f9495e4ab3a6ccfff73467a) This must be a local issue it your site. The rpm in the repository is ok: rpm -Kv ./i586/libavutil50-0.6.201103092102git-1.pm.2.1.i586.rpm ./i586/libavutil50-0.6.201103092102git-1.pm.2.1.i586.rpm: Header V4 RSA/SHA1 Signature, key ID 1abd1afb: OK Header SHA1 digest: OK (6a5712c079b4a93926cf4ea33caa4f46fc7aa3b4) V4 RSA/SHA1 Signature, key ID 1abd1afb: OK MD5 digest: OK (083f96f42f9495e4ab3a6ccfff73467a) gpg-pubkey-1abd1afb-4c97c60c > > The RPM key database has two keys with that ID, > gpg-pubkey-1abd1afb-48d62ce0 expired at 2010-09-21; > gpg-pubkey-1abd1afb-4c97c60c expires at 2014-09-19. You only need the latter. > I checked that removal of the older key has no effect. > > I also rpm-imported the most current signing key that's available as > repomd.xml.key or gpg-pubkey-1abd1afb.asc at the repository top. > (After rpm-removing gpg-pubkey-1abd1afb-4c97c60c, of course.) > Still bad RPM signatures. > > Then I thought "let's reinstall rpmkey-packman", maybe that brings a new > correct key. Well, installing the current version of that > package hoses the RPM key database: AFAICT this package is not required anymore. Maybe the problem is that it MUST NOT be installed at all? > > # rpm -qa 'gpg-pubkey*' | grep -i 1abd1afb > error: rpmdbNextIterator: skipping h# 5324 Header V4 RSA/SHA1 signature: > BAD, key ID 1abd1afb rpm -qa 'gpg-pubkey*' | grep -i 1abd1afb gpg-pubkey-1abd1afb-4c97c60c > > Arrgh. Glad I had a backup of /var/lib/rpm/. > > Then I decided to ask here. :-) > Where do I find the correct RPM key for RPM signature checks? > I.e., completely without zypper, I want to rpm --import a key, and > then be able to rpm -Kv a package without errors. > > Thanks in advance for any pointer, > > Joachim > > PS: The signing key in package rpmkey-packman is the one that expired > at 2010-09-21. Is that package not relevant any more for key updates? > Should one uninstall it anyhow? I am sure you can uninstall it. -Marc -- 8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134 _______________________________________________ Packman mailing list Packman@links2linux.de http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman