Re: [Ring] Signature errors on rpm files

Wed, 03 May 2017 08:57:38 -0700 

Hi,

I don't know what to do here, I'm not an expert of Fedora/RPM
but the official command to check a package signature is "rpm -K package.rpm"

This gives on fedora25 package the following results:

rpm -K ring-daemon_x86_64.rpm
ring-daemon_x86_64.rpm: rsa sha1 (md5) pgp md5 OK

But... you need to have our public key installed on your system.
Do you have it?

If not, use these commands:

gpg --keyserver pgp.mit.edu --recv-keys A295D773307D25A33AE72F2F64CD5FA175348F84
gpg --export -a A295D773307D25A33AE72F2F64CD5FA175348F84 > /tmp/ring.pubkey
sudo rpm --import /tmp/ring.pubkey

then check again the package with rpm -K
You can check again the rpm -qpi command... on my side I don't have the warning 
with the pub key installed

Thanks,
Guillaume Roguez

----- Le 2 Mai 17, à 23:04,  [email protected] a écrit :

> It seems there are rpm bugs which cause signing errors when using gpg V4
> signatures.
> 
> Checking the signatures with gpg results in the following:
>         
>         
>    gpg --verify-files ring-daemon_x86_64.rpm
>         
>      gpg: no valid OpenPGP data found.
>         
> 
> Package information produces the NOKEY warning:
> 
>         
>    rpm -qpi ring-daemon_x86_64.rpm
>         
>      warning: ring-daemon_x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID
>      75348f84: NOKEY
>      Name        : ring-daemon
>      Version     : 20170501.1.628969d
>      Release     : 1.fc25
>      Architecture: x86_64
>      Install Date: (not installed)
>      Group       : Applications/Internet
>      Size        : 14299787
>      License     : GPLv3
>      Signature   : RSA/SHA512, Tue 02 May 2017 09:03:28 AM EDT, Key ID
>      64cd5fa175348f84
>      Source RPM  : ring-20170501.1.628969d-1.fc25.src.rpm
>      Build Date  : Tue 02 May 2017 09:03:07 AM EDT
>      Build Host  : 9cb3e23fc473
>      Relocations : (not relocatable)
>      URL         : https://ring.cx/
>      Summary     : Free software for distributed and secured communication - 
> daemon
>      Description :
>      Ring is free software for universal communication which respects freedoms
>      and privacy of its users.
>      .
>      This package contains the Ring daemon: dring.
> 
> 
> A web search gave me this link:
> https://serverfault.com/questions/624888/bad-signatures-or-nokey-errors-on-rpms-i-just-signed,
> and in it, this answer: gpg must use V3 RSA signatures to successfully sign an
> rpm package.
> 
> 
> 
> 
> 
> ----
> Sent using Guerrillamail.com
> Block or report abuse: 
> https://www.guerrillamail.com//abuse/?a=U0h6Ai0HTaFbhxyz

Reply via email to