Our website would like to use cookies to store information on your computer. You may delete and block all cookies from this site, but parts of the site will not work as a result. Find out more about how we use cookies.

Login or Register

Powered by
Powered by Novacaster
 
CPAN Signatures and GnuPG
by Simon at 16:50 22/03/06 (Forum::Technical Advice::General)
While attempting to upgrade Bundle::CPAN on an old RedHat 7.1 box I found I was having trouble validating the SIGNATURE files against pgp.mit.edu.

Investigation revealed that the version of gnupg I had installed (gnupg-1.0.4-11) was failing due to its apparent omission to prefix HEX key ids with '0x'. I can only guess that the interface at pgp.mit.edu has changed at some point.

The error messages I was getting were like this:

gpg: requesting key A317C15D from x-hkp://pgp.mit.edu:11371 ...
gpg: can't get key from keyserver: No such file or directory
gpg: Can't check signature: public key not found
==> BAD/TAMPERED signature detected! <==

The earliest version of GnuPG that I could find that fixed the problem (and didn't have a dependency on libc.so.6) was ftp://rpmfind.net/linux/redhat/7.3/en/os/i386/RedHat/RPMS/gnupg-1.0.6-5.i386.rpm

Posted here to aid anyone else who may come across a similar issue in the future, as my own Googling didn't turn anything useful up.

-- simon
<< OK I give up Guy Kewney and his interview >>
Printer Version