CPAN Signatures and GnuPG
by Simon at 16:50 22/03/06 (Forum::Technical Advice::General)
While attempting to upgrade Bundle::CPAN on an old RedHat 7.1 box I found I was having trouble validating the SIGNATURE files against

Investigation revealed that the version of gnupg I had installed (gnupg-1.0.4-11) was failing due to its apparent omission to prefix HEX key ids with '0x'. I can only guess that the interface at has changed at some point.

The error messages I was getting were like this:

gpg: requesting key A317C15D from x-hkp:// ...
gpg: can't get key from keyserver: No such file or directory
gpg: Can't check signature: public key not found
==> BAD/TAMPERED signature detected! <==

The earliest version of GnuPG that I could find that fixed the problem (and didn't have a dependency on was

Posted here to aid anyone else who may come across a similar issue in the future, as my own Googling didn't turn anything useful up.

-- simon
<< OK I give up Guy Kewney and his interview >>
Powered by
Powered by Novacaster