rpm / gpg key question.
Erik LaBianca
erik at totalcirculation.com
Fri Mar 5 18:01:14 UTC 2004
>
> On 04.03.2004 15:48, Erik LaBianca wrote:
>
> > Do you have a shell script or anything that can automate this
process?
>
> No :-(
>
> > This kind of stuff is what makes getting started with QA into a
complete
> > nightmare.
>
> Yes. IMO this really needs to be fixed...
>
Yes, it needs to be fixed SOON if fedora.us / extra's is going to depend
as heavily on gpg as people seem to think it should.
Ok. So I wrote a shell script to download a key from the keyserver,
attempt to strip excess uid's and signatures, and load it into the
fedora keyring. I'd like to see it included in fedora-rpmdeveltools,
particularly once it properly strips keys for inclusion in the rpm
database. Please check it out at
http://www.ilsw.com/~erik/fedora-installkey
It works for my key (736A7502).
It does not work for Ville Skytta's key (BCD241CB), which was the one I
was trying to load in the first place. His key isn't really a problem
since a working version of it is included with fedora-rpmdevtools,
however I imagine there will be others with the same problem.
I have been unable to make it work by hand, so my script is obviously
not working fully either. The script currently removes all extra uid's,
and all non-self signatures successfully on his key. However, rpm still
fails when attempting to check a signed SRPM.
I tried manually deleting all signatures except the self signatures from
all the uid's, and that didn't work either.
What's the magic incantation here?
--erik
More information about the fedora-devel-list
mailing list