some doubts about software

Tim ignored_mailbox at
Thu Jul 2 02:20:04 UTC 2009

On Wed, 2009-07-01 at 22:43 +0200, gilpel at wrote:
> If you ever have a reference on how to remove a repository whose key
> was inadvertently allowed to install -- in my case rpmfind -- as I was
> telling Tim, I'd be interested.

man rpm
Then type /gpg (and hit enter)
(the slash starts a search for the text typed after it.

       The general forms of rpm digital signature commands are

       rpm --import PUBKEY ...

       rpm {--checksig} [--nosignature] [--nodigest]
           PACKAGE_FILE ...

       The --checksig option checks all the digests and  signatures  contained
       in PACKAGE_FILE to ensure the integrity and origin of the package. Note
       that signatures are now  verified  whenever  a  package  is  read,  and
       --checksig  is useful to verify all of the digests and signatures asso-
       ciated with a package.

       Digital signatures cannot be verified without a public key.   An  ASCII
       armored  public key can be added to the rpm database using --import. An
       imported public key is carried in a header, and key ring management  is
       performed  exactly  like package management. For example, all currently
       imported public keys can be displayed by:

       rpm -qa gpg-pubkey*

       Details about a specific public key, when imported, can be displayed by
       querying.  Here’s information about the Red Hat GPG/DSA key:

       rpm -qi gpg-pubkey-db42a60e

       Finally,  public keys can be erased after importing just like packages.
       Here’s how to remove the Red Hat GPG/DSA key

       rpm -e gpg-pubkey-db42a60e

So, a rpm -qa ... to find the keys that RPM knows about, a rpm -qi ...
to find info about it (making doubly-sure you've got the right one),
then a rpm -e ... to erase a key you don't want to keep.

"apropos" is another command you might want to learn about.  It searches
your system for manual files, and other files, related to your query.

Beginner's hints:
man apropos
man locate
man man

[tim at localhost ~]$ uname -r

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.

More information about the fedora-list mailing list