On Tue, 2012-09-25 at 09:50 +0000, Müller-Reineke, Matthias wrote: > Dear SL users, > > I want to check the authenticity of a source package which I obtained with > yum downloader this way: > > yumdownloader --source --disablerepo=epel tomcat6 > > When I try to verify the authenticity happens this: > > ~/> rpm --checksig -v tomcat6-6.0.24-45.el6.src.rpm > > tomcat6-6.0.24-45.el6.src.rpm: > Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY > Header SHA1 digest: OK (906acdd5cf193699ef3028d438b12edf7c934d47) > V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY > MD5 digest: OK (7ec8af89e12e5ba43ee1a97e848e75a4) > willfried@gvsl Tue Sep 25 11:32:59am > ~/> echo $? > 1 > > > What is missing?
The public key of the repository. Import it using rpm --import. Volker
