RPM public key import bug

John Dalbec jpdalbec at ysu.edu
Fri Feb 27 16:35:55 UTC 2004 

When I rpm --import a public key with the RHL 8.0 legacy-utils RPM packages, the 
version of the gpg-pubkey package is not taken from the key ID.  Instead RPM 
finds the first sig 3 (what does the 3 mean?) and versions the package after the 
key ID from that signature.  In some cases this makes the key useless for 
verifying RPMs since the RPM version doesn't match the key ID.  Is there a 
standard that says the first sig 3 should be from the key itself?
Thanks,
John

[jpdalbec at testing07 jpdalbec]$ mkdir -m 700 gpghome
[jpdalbec at testing07 jpdalbec]$ gpg --homedir gpghome --keyserver pgp.mit.edu 
--recv-keys 54a2acf1
gpg: Warning: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: keyring `gpghome/secring.gpg' created
gpg: keyring `gpghome/pubring.gpg' created
gpg: requesting key 54A2ACF1 from HKP keyserver pgp.mit.edu
gpg: gpghome/trustdb.gpg: trustdb created
gpg: key 54A2ACF1: public key imported
gpg: Total number processed: 1
gpg:               imported: 1
[jpdalbec at testing07 jpdalbec]$ gpg --homedir gpghome --list-sigs 54a2acf1
gpg: Warning: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
pub  1024D/54A2ACF1 2002-11-25 Warren Togami (Linux) <warren at togami.com>
sig         9B649644 2003-02-09   [User id not found]
sig         BAE32F33 2003-08-24   [User id not found]
sig         67899E2B 2003-02-20   [User id not found]
sig         3ED6F034 2003-05-25   [User id not found]
sig 2       D881FF60 2003-04-23   [User id not found]
sig 2       B8AF1C54 2003-06-03   [User id not found]
sig 2       1B0390E0 2002-11-25   [User id not found]
sig 2       3FF87D98 2003-02-09   [User id not found]
sig 2       BCD241CB 2003-02-13   [User id not found]
sig 2       3C9DB0AA 2003-03-31   [User id not found]
sig 2       E421D146 2003-05-27   [User id not found]
sig 2       C58CF1CB 2003-06-27   [User id not found]
sig 2       E42D547B 2003-08-19   [User id not found]
sig 2       78688BF5 2004-01-08   [User id not found]
sig 2       9D6B4012 2004-01-15   [User id not found]
sig 2       A1906F09 2004-02-14   [User id not found]
sig 3       780C9288 2003-01-30   [User id not found]
sig 3       8E279021 2003-02-22   [User id not found]
sig 3       AA168599 2002-11-25   [User id not found]
sig 3       EE9FC38B 2003-01-24   [User id not found]
sig 3       55F3AA6F 2003-01-24   [User id not found]
sig 3       9B8DEC2A 2003-02-06   [User id not found]
sig 3       D885D953 2003-03-21   [User id not found]
sig 3       8DF56D05 2003-03-27   [User id not found]
sig 3       99F0D661 2003-03-27   [User id not found]
sig 3       C5575542 2003-05-27   [User id not found]
sig 3       54A2ACF1 2002-11-25   Warren Togami (Linux) <warren at togami.com>
sig 3       54A2ACF1 2002-11-25   Warren Togami (Linux) <warren at togami.com>
sub  2048g/4AD75982 2002-11-25 [expires: 2007-11-24]
sig         54A2ACF1 2002-11-25   Warren Togami (Linux) <warren at togami.com>

[jpdalbec at testing07 jpdalbec]$ gpg --homedir gpghome --armor --export 54a2acf1 > tmp
gpg: Warning: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
[jpdalbec at testing07 jpdalbec]$ mkdir rpmroot
[jpdalbec at testing07 jpdalbec]$ rpm --root $(pwd)/rpmroot --import tmp
[jpdalbec at testing07 jpdalbec]$ rpm --root $(pwd)/rpmroot -q gpg-pubkey
gpg-pubkey-780c9288-3e38e07d
[jpdalbec at testing07 jpdalbec]$

More information about the fedora-legacy-list mailing list