[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

GPG key wierdness



Hi!

 I've some wierd stuff going on on my redhat 8.0 rpm build host.

I build a package like:
rpmbuild --sign -bb nagios.spec

my ~/rpmmacros says:

# GNUPG config below
%_signature gpg
%_gpg_path ~/.gnupg
%_gpgbin /usr/bin/gpg
%_gpg_name Brian Ipsen <Brian.Ipsen@andebakken.dk>

my GnuPG files are in ~/.gpg

Doing a gpg --list-keys gives me:

/root/.gnupg/pubring.gpg
------------------------
pub  1024D/874CB140 2003-01-06 Brian Ipsen <Brian.Ipsen@andebakken.dk>
uid                            Brian Ipsen <bipsen@nerdnet.dk>
sub  2048g/A91450D7 2003-01-06 [expires: 2004-01-01]

pub  1024D/DB42A60E 1999-09-23 Red Hat, Inc <security@redhat.com>
sub  2048g/961630A2 1999-09-23

Doing a 'rpm --checksig nagios-1.0-2.i386.rpm' does not return any errors
when executed on the buildhost.

Fine, I move the RPM file to another host. Doing a pgp --list-keys
gives me:

/root/.gnupg/pubring.gpg
------------------------
pub  1024D/874CB140 2003-01-06 Brian Ipsen <Brian.Ipsen@andebakken.dk>
uid                            Brian Ipsen <bipsen@nerdnet.dk>
sub  2048g/A91450D7 2003-01-06 [expires: 2004-01-01]

Same key - fine... I export the key in order to import it into RPM:

gpg -a --export 'Brian Ipsen <Brian.Ipsen@andebakken.dk' >key.asc

I import the key into the RPM key database:

rpm --import key.asc

The wierd part is now if I try to check the signature on the RPM
package:

# rpm --checksig nagios-1.0-2.i386.rpm
nagios-1.0-2.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS:
GPG#874cb140)

A 'rpm -qa gpg-pubkey*' gives me:

gpg-pubkey-85ee2ae5-322686f2
gpg-pubkey-00000000-3e19facd
gpg-pubkey-db42a60e-37ea5438

Now I wonder where my own public key has dissappeared to ??

Any comments/hints ??

Regards,

/Brian





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []