Re: [Ring] Signature errors on rpm files
From: Guillaume Roguez
Subject: Re: [Ring] Signature errors on rpm files
Date: Wed, 3 May 2017 11:56:56 -0400 (EDT)
Hi,
I don't know what to do here, I'm not an expert in Fedora/RPM,
but the official command to check a package signature is "rpm -K package.rpm".
On the Fedora 25 package this gives the following results:
rpm -K ring-daemon_x86_64.rpm
ring-daemon_x86_64.rpm: rsa sha1 (md5) pgp md5 OK
But... you need to have our public key installed on your system.
Do you have it?
If not, use these commands:
gpg --keyserver pgp.mit.edu --recv-keys A295D773307D25A33AE72F2F64CD5FA175348F84
gpg --export -a A295D773307D25A33AE72F2F64CD5FA175348F84 > /tmp/ring.pubkey
sudo rpm --import /tmp/ring.pubkey
Then check the package again with rpm -K.
You can check the rpm -qpi command again... on my side I don't have the warning
with the pub key installed.
Thanks,
Guillaume Roguez
----- On 2 May 17, at 23:04, address@hidden wrote:
> It seems there are rpm bugs which cause signing errors when using gpg V4
> signatures.
>
> Checking the signatures with gpg results in the following:
>
>
> gpg --verify-files ring-daemon_x86_64.rpm
>
> gpg: no valid OpenPGP data found.
>
>
> Package information produces the NOKEY warning:
>
>
> rpm -qpi ring-daemon_x86_64.rpm
>
> warning: ring-daemon_x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID
> 75348f84: NOKEY
> Name : ring-daemon
> Version : 20170501.1.628969d
> Release : 1.fc25
> Architecture: x86_64
> Install Date: (not installed)
> Group : Applications/Internet
> Size : 14299787
> License : GPLv3
> Signature : RSA/SHA512, Tue 02 May 2017 09:03:28 AM EDT, Key ID
> 64cd5fa175348f84
> Source RPM : ring-20170501.1.628969d-1.fc25.src.rpm
> Build Date : Tue 02 May 2017 09:03:07 AM EDT
> Build Host : 9cb3e23fc473
> Relocations : (not relocatable)
> URL : https://ring.cx/
> Summary : Free software for distributed and secured communication -
> daemon
> Description :
> Ring is free software for universal communication which respects freedoms
> and privacy of its users.
> .
> This package contains the Ring daemon: dring.
>
>
> A web search gave me this link:
> https://serverfault.com/questions/624888/bad-signatures-or-nokey-errors-on-rpms-i-just-signed,
> and in it, this answer: gpg must use V3 RSA signatures to successfully sign an
> rpm package.
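Added example, not part of the original messages or of the Ring project: a small shell helper that ties the fingerprint used in the import commands to the key ID shown in the NOKEY warning, and classifies "rpm -K" summary lines. The function names are hypothetical, and every sample line except the one quoted in the thread is constructed.

```shell
#!/bin/sh
# Short key ID = last 8 hex digits of the fingerprint, lower-cased. rpm lists an
# imported key as a pseudo-package named gpg-pubkey-<short id>-<creation time>.
short_keyid() {
    fpr=$(printf '%s' "$1" | tr -d ' ' | tr 'A-F' 'a-f')
    printf '%s\n' "$fpr" | sed 's/.*\(.\{8\}\)$/\1/'
}

# Does a key ID from a warning (8 or 16 hex digits) belong to this fingerprint?
keyid_matches_fpr() {
    id=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    fpr=$(printf '%s' "$2" | tr -d ' ' | tr 'A-F' 'a-f')
    result=mismatch
    if [ "${#id}" -ge 8 ]; then
        case "$fpr" in *"$id") result=match ;; esac
    fi
    echo "$result"
}

# Classify one "rpm -K" summary line.
#   signed-ok   : a signature was verified against an imported key
#   digest-only : "OK", but only digests were checked (package not signed)
#   nokey       : signature present, public key not imported
#   failed      : verification failed (newer rpm also reports a missing key
#                 this way; "rpm -Kv" shows the detail)
classify_rpm_k() {
    line=${1#*: }                       # drop the "package.rpm: " prefix
    case "$line" in
        *"MISSING KEYS"*) echo nokey ;;
        *"NOT OK"*)       echo failed ;;
        *OK)
            case "$line" in
                *rsa*|*dsa*|*pgp*|*gpg*|*signatures*) echo signed-ok ;;
                *) echo digest-only ;;
            esac ;;
        *) echo unknown ;;
    esac
}

FPR=A295D773307D25A33AE72F2F64CD5FA175348F84    # fingerprint from the thread
echo "expected keyring entry: gpg-pubkey-$(short_keyid "$FPR")-<creation time>"
echo "warning key ID 75348f84: $(keyid_matches_fpr 75348f84 "$FPR")"
classify_rpm_k 'ring-daemon_x86_64.rpm: rsa sha1 (md5) pgp md5 OK'   # from the thread
classify_rpm_k 'unsigned-example.rpm: sha1 md5 OK'                   # constructed
```

On a system with rpm installed, "rpm -q gpg-pubkey" lists the imported keys, so the name printed above can be compared against that list before trusting an "OK" result.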