6

I'm working an a CentOS 5.4 host with rpm version 4.4.2.3-18.el5 and gpg version 1.4-2 I signed an rpm with the command 

> rpm --define '_signature gpg' --define '_gpg_path /path/to/keys' --define '_gpg_name mygpgname' -K myrpm.rpm

The command succeeds, and repeating the command gives a warning message that the rpm was already signed with the key.

However, when I try to verify the signature with an rpm -K it returns a NOT OK (MISSING_KEYS) result.

> rpm -K myrpm.rpm

> GNUPGHOME=/path/to/keys rpm --define '_signature gpg' --define '_gnupghome /path/to/keys' --define '_gpg_name mygpgname' -K myrpm.rpm
myrpm.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#12345678)

I assume I'm setting the path to the keys wrong somehow. I've also tried setting GPGPATH=/path/to/keys with no luck.

Does anyone have any suggestions how I can get the rpm -K to find the missing keys ?

4

1 回答 1

7

Have you imported your public GPG key with the rpm --import <key> command?

If you don't want to store your GPG key in your default RPM configuration database(s), then you need to provide a _gpg_path definition in your command. Note that the last command is missing _gpg_path, although it has nearly every other gpg* definition that you'll likely need.

Personally, I set such definitions in my $(HOME)/.rpmmacros file to avoid having to type these many times on the command line.

于 2011-03-24T16:33:44.710 回答