On 09/25/2012 11:02 AM, Müller-Reineke, Matthias wrote:
> Volker wrote:
>> On Tue, 2012-09-25 at 09:50 +0000, Müller-Reineke, Matthias wrote:
>>> What is missing?
>> The public key of the repository. Import it using rpm --import.
> I've copied the file to a TUV system. It can be checked there:
>
> ~/> rpm --checksig -v tomcat6-6.0.24-45.el6.src.rpm
> tomcat6-6.0.24-45.el6.src.rpm:
> Header V3 RSA/SHA256 Signature, key ID fd431d51: OK
> Header SHA1 digest: OK (906acdd5cf193699ef3028d438b12edf7c934d47)
> V3 RSA/SHA256 Signature, key ID fd431d51: OK
> MD5 digest: OK (7ec8af89e12e5ba43ee1a97e848e75a4)
>
>
> http://blog.andreas-haerter.com/2012/03/06/rpm-yum-gpg-key-verification-import-deletion-package-signature-check-cheat-sheet
> made me discover packages on the TUV system which contain TUVs public keys. Actually the description of these packages contains the ascii armored keys. Inserting the right one into a disk file and importing it (rpm --import) makes it possible to validate the source rpm on a Scientific Linux 6 system.
>
> Why are these public keys not included into Scientific Linux 6?
> Is it prohibited by TUV (from rpm -qi: License: pubkey)?
>
>
> Matthias
Isn't /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release the correct key on
SL6? This file is packaged with sl-release and should be present on all
SL6 systems.
$ gpg --throw-keyids < /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release |
grep ^pub | cut -f2 -d"/" | cut -f1,3- -d" "
FD431D51 Red Hat, Inc. (release key 2) <[log in to unmask]>
2FA658E0 Red Hat, Inc. (auxiliary key) <[log in to unmask]>
$ rpm -qpi firefox-*|grep Sign
Signature : RSA/8, Mon 20 Feb 2012 02:12:21 AM CST, Key ID
199e2f91fd431d51
Signature : RSA/8, Tue 13 Mar 2012 07:14:24 AM CDT, Key ID
199e2f91fd431d51
Signature : RSA/8, Tue 24 Apr 2012 03:46:02 AM CDT, Key ID
199e2f91fd431d51
Signature : RSA/8, Tue 05 Jun 2012 06:36:16 AM CDT, Key ID
199e2f91fd431d51
Signature : RSA/8, Tue 17 Jul 2012 02:31:24 AM CDT, Key ID
199e2f91fd431d51
Signature : RSA/8, Mon 27 Aug 2012 01:44:38 PM CDT, Key ID
199e2f91fd431d51
Signature : RSA/8, Mon 01 Nov 2010 11:20:07 AM CDT, Key ID
199e2f91fd431d51
Signature : RSA/8, Thu 09 Dec 2010 06:53:23 AM CST, Key ID
199e2f91fd431d51
Signature : RSA/8, Mon 28 Feb 2011 01:26:11 AM CST, Key ID
199e2f91fd431d51
Signature : RSA/8, Wed 16 Mar 2011 02:25:57 AM CDT, Key ID
199e2f91fd431d51
Signature : RSA/8, Fri 22 Apr 2011 07:39:25 AM CDT, Key ID
199e2f91fd431d51
Signature : RSA/8, Mon 20 Jun 2011 07:29:45 AM CDT, Key ID
199e2f91fd431d51
Signature : RSA/8, Fri 12 Aug 2011 02:11:42 AM CDT, Key ID
199e2f91fd431d51
Signature : RSA/8, Tue 06 Sep 2011 05:23:28 AM CDT, Key ID
199e2f91fd431d51
Signature : RSA/8, Wed 28 Sep 2011 02:20:36 PM CDT, Key ID
199e2f91fd431d51
Signature : RSA/8, Mon 07 Nov 2011 07:32:29 AM CST, Key ID
199e2f91fd431d51
Signature : RSA/8, Tue 31 Jan 2012 07:42:18 AM CST, Key ID
199e2f91fd431d51
Signature : RSA/8, Wed 01 Sep 2010 01:47:06 PM CDT, Key ID
199e2f91fd431d51
$ rpm --checksig firefox-*
firefox-10.0.1-1.el6_2.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-10.0.3-1.el6_2.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-10.0.4-1.el6_2.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-10.0.5-1.el6_2.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-10.0.6-1.el6_3.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-10.0.7-1.el6_3.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-3.6.12-1.el6_0.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-3.6.13-2.el6_0.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-3.6.14-4.el6_0.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-3.6.15-2.el6_0.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-3.6.17-1.el6_0.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-3.6.18-1.el6_1.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-3.6.20-2.el6_1.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-3.6.22-1.el6_1.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-3.6.23-2.el6_1.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-3.6.24-3.el6_1.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-3.6.26-1.el6_2.src.rpm: rsa sha1 (md5) pgp md5 OK
firefox-3.6.9-2.el6.src.rpm: rsa sha1 (md5) pgp md5 OK
Pat
--
Pat Riehecky
Scientific Linux Developer
|
