[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

GPG problem with Tor RPM

To: or-dev@xxxxxxxx
Subject: GPG problem with Tor RPM
From: Chris <chris@xxxxxxxxxxx>
Date: Mon, 21 Mar 2005 15:02:01 +0000
Delivered-to: archiver@seul.org
Delivered-to: or-dev-outgoing@seul.org
Delivered-to: or-dev@seul.org
Delivery-date: Mon, 21 Mar 2005 10:02:27 -0500
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-dev@xxxxxxxxxxxxx
User-agent: Mutt/1.5.7i

Hi

I couldn't verify the RPMs using GPG:

  rpm -K tor-0.0.9.5-tor.0.fc1.i386.rpm
  tor-0.0.9.5-tor.0.fc1.i386.rpm: sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#28988bf5) 

  rpm -K tor-0.0.9.5-tor.0.fc1.src.rpm 
  tor-0.0.9.5-tor.0.fc1.src.rpm: sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#28988bf5) 

I do have the gpg key installed -- I did this:

  gpg --recv-key 0x28988bf5
  gpg: key 28988BF5: duplicated user ID detected - merged
  gpg: key 28988BF5: "Roger Dingledine <arma@xxxxxxx>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1

  gpg --export --armor arma@xxxxxxx > tor.asc

  rpm --import tor.asc

So I decided to install the SRPM and check the tgz, but
this is also not good:

  rpm -Uvh tor-0.0.9.5-tor.0.fc1.src.rpm 
  warning: tor-0.0.9.5-tor.0.fc1.src.rpm: V3 DSA signature: NOKEY, key ID 28988bf5
   1:tor ########################################### [100%]

  cd `rpm --eval '%{_sourcedir}'`

  wget http://tor.eff.org/dist/tor-0.0.9.5.tar.gz.asc

  gpg --verify tor-0.0.9.5.tar.gz.asc 
  gpg: Signature made Wed 23 Feb 2005 06:33:29 GMT using DSA key ID 28988BF5
  gpg: BAD signature from "Roger Dingledine <arma@xxxxxxx>"
  
However I then got the tgz from the site, checked the sig
OK and built my own RPM using that and it was OK.

Chris

-- 
Aktivix -- Free Software for a Free World

Follow-Ups:
- Re: GPG problem with Tor RPM
  - From: Roger Dingledine

Next by Author: Re: GPG problem with Tor RPM
Next by thread: Re: GPG problem with Tor RPM
Index(es):
- Author
- Thread