https://bugzilla.redhat.com/show_bug.cgi?id=2035958
--- Comment #23 from Benson Muite benson_muite@emailplus.org --- The following works for me:
%gpgverify seems to use gpgv https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-request/54#request... The key is available at https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xe9899d784a977416 If this text is saved as aqbanking.key then one can do the following $ gpg --dearmor < aqbanking.key > aqbanking.gpg $ gpgv --keyring=./aqbanking.gpg libchipcard-5.1.6.tar.gz.asc libchipcard-5.1.6.tar.gz gpgv: Signature made Fri 17 Sep 2021 06:46:42 PM EAT gpgv: using RSA key 42400AF5EB2A17F0A69BB551E9899D784A977416 gpgv: Good signature from "AqBanking Package Key packages@aqbanking.de"
One can also use $gpg --receive-keys 0x4A977416 gpg: key E9899D784A977416: public key "AqBanking Package Key packages@aqbanking.de" imported gpg: Total number processed: 1 gpg: imported: 1
$ gpg --verify libchipcard-5.1.6.tar.gz.asc gpg: assuming signed data in 'libchipcard-5.1.6.tar.gz' gpg: Signature made Fri 17 Sep 2021 06:46:42 PM EAT gpg: using RSA key 42400AF5EB2A17F0A69BB551E9899D784A977416 gpg: Good signature from "AqBanking Package Key packages@aqbanking.de" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4240 0AF5 EB2A 17F0 A69B B551 E989 9D78 4A97 7416
Though this would only work when the build has internet access, but is an easier way to verify things work before adding the key file to the sources.