rpm cannot verify fwupdate packages' PGP signatures
qralston+ml.dell-poweredge at andrew.cmu.edu
Fri Jun 18 12:22:02 CDT 2010
On 2010-06-18 at 13:00-04 James Ralston wrote:
> warning: rpmts_HdrFromFdno: V3 DSA signature: NOKEY, key ID 5e3d7775
> Public key for system_bios_PowerEdge_2850-A06-20.noarch.rpm is not installed
> Retrieving GPG key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-libsmbios
> GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-libsmbios (0x5E3D7775) is already installed
> The GPG keys listed for the "Firmware updates" repository are already installed but they are not correct for this package.
> Check that the correct key URLs are configured for this repository.
An additional piece of information that might help: we rsync the
fwupdate repository locally on a nightly basis, and we verify the PGP
signatures after we do so.
I went back and checked our logs, and found:
As of 2010-05-25 at 04:00-04, we had no difficulty verifying the PGP
signatures of the RPM packages in the fwupdate repository.
As of 2010-05-26 at 04:42-04, PGP signature verification of
packages in the fwupdate repository failed.
Looking at our local copies of the rpm files, they all have mtime
values that fall between:
$ ls -lsa system_bios_ven_0x1028_dev_0x02fb-A00-20.noarch.rpm
876 -rw-r--r-- 1 root root 885675 May 25 12:36 system_bios_ven_0x1028_dev_0x02fb-A00-20.noarch.rpm
So, I strongly suspect that on 2010-05-25 at 12:35:22-04, something or
someone went through and re-signed all of the RPMs in the fwupdate
repository. But I think the version of rpm used to do so produced
More information about the Linux-PowerEdge