rpm / gpg key question.

Erik LaBianca erik at totalcirculation.com
Fri Mar 5 18:01:14 UTC 2004

> On 04.03.2004 15:48, Erik LaBianca wrote:
> > Do you have a shell script or anything that can automate this
> No :-(
> > This kind of stuff is what makes getting started with QA into a
> > nightmare.
> Yes. IMO this really needs to be fixed...
Yes, it needs to be fixed SOON if fedora.us / extra's is going to depend
as heavily on gpg as people seem to think it should.

Ok. So I wrote a shell script to download a key from the keyserver,
attempt to strip excess uid's and signatures, and load it into the
fedora keyring. I'd like to see it included in fedora-rpmdeveltools,
particularly once it properly strips keys for inclusion in the rpm
database. Please check it out at

It works for my key (736A7502).

It does not work for Ville Skytta's key (BCD241CB), which was the one I
was trying to load in the first place. His key isn't really a problem
since a working version of it is included with fedora-rpmdevtools,
however I imagine there will be others with the same problem.

I have been unable to make it work by hand, so my script is obviously
not working fully either. The script currently removes all extra uid's,
and all non-self signatures successfully on his key. However, rpm still
fails when attempting to check a signed SRPM.

I tried manually deleting all signatures except the self signatures from
all the uid's, and that didn't work either.

What's the magic incantation here?


More information about the devel mailing list