Description of problem: I am unable to import my gpg key into the rpm database. A sample signed package is available at http://www.tu-chemnitz.de/~ensc/fedora/clamav-0.71-0.fdr.1.src.rpm and my key at http://sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0x58E727C4C621BE0F | # rpm --import key.asc | # rpm -K clamav-0.71-0.fdr.1.src.rpm | clamav-0.71-0.fdr.1.src.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#922f7af9) | # /usr/lib/rpm/tgpg clamav-0.71-0.fdr.1.src.rpm | D: Expected size: 2627954 = lead(96)+sigs(772)+pad(4)+data(2627082) | D: Actual size: 2627954 | warning: clamav-0.71-0.fdr.1.src.rpm: V3 DSA signature: NOKEY, key ID 922f7af9 | gpg: reading options from `/home/ensc/.gnupg/options' | gpg: armor: BEGIN PGP SIGNATURE | gpg: armor header: Version: rpm-4.3.1 (beecrypt-3.0.0) | :signature packet: algo 1, keyid 7AE5D4B5922F7AF9 | version 3, created 1084963092, md5len 5, sigclass 00 | digest algo 2, begin of digest 3a 9d | data: 1D598... | gpg: Signature made Wed May 19 12:38:12 2004 CEST using RSA key ID 922F7AF9 | gpg: using secondary key 922F7AF9 instead of primary key C621BE0F | gpg: Good signature from "Enrico Scholz <enrico.scholz.de>" | gpg: key E421D146: accepted as trusted key | gpg: key 6B908105: accepted as trusted key | gpg: binary signature, digest algorithm SHA1 | secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768 Version-Release number of selected component (if applicable): rpm-4.3.1-0.3
The --import is fixed in rpm CVS, will be in rpm-4.4-1 and later when built. The --import can be verified by adding %_hkp_keyserver hkp://sks.keyserver.penguin.de to /etc/rpm/mnacros and/or ~/.rpmmacros and doing visual inspection on rpm --import 0x58e727c4c621be0f rpm -qi gpg-pubkey-c621be0f to insure the fingerprint is correct. Signing from a secondary key is unlikely to be supported by rpm any time soon however.