test local rpm file in place for consistency, size, etc.
Skunk Worx
skunkworx at verizon.net
Wed Nov 23 15:59:21 UTC 2011
On 11/22/2011 08:44 PM, Andre Robatino wrote:
> Andre Robatino<robatino<at> fedoraproject.org> writes:
>
>> The old keys are available at https://fedoraproject.org/en/keys under "OBSOLETE
>> KEYS" if you want to download and import them.
>
> Should add that by default yum checks RPMs against ANY of your imported keys, so
> you should probably uninstall obsolete keys like this after using them.
> Importing a key creates a package with a name like
> "gpg-pubkey-a82ba4b7-4e2df47d" which you can remove in the usual way. You can
> identify which key is which by running "rpm -qi gpg-pubkey-a82ba4b7-4e2df47d |
> grep ^Summary", for example. I filed
> https://bugzilla.redhat.com/show_bug.cgi?id=422221 a long time ago for yum to
> check that a package is signed with a specific repo's key, but it hasn't been
> implemented yet.
>
Thanks Andre -- this worked great -- all of the rpms resolved to 'gpg ok'.
I truncated one file as a test and it failed.
I ran across this :
http://fedoraproject.org/wiki/Enabling_new_signing_key
...but the link for the F9 new kwy is broken and the sha1sum on the web
page doesn't match the fedora-release-9-5.transition.noarch.rpm in koji.
http://kojipkgs.fedoraproject.org/packages/fedora-release/9/5.transition/noarch/fedora-release-9-5.transition.noarch.rpm
My sha1sum says :
9374b20a8e30f6d0423e2ffaae0dc985333c2664
rpm -K passed for it and the fingerprint of the
RPM-GPG-KEY-fedora-8-and-9 key matched OBSOLETES so I decided it was
good and used it.
---
John
More information about the users
mailing list