Red Hat Bugzilla – Bug 4013
rpm 3.0.2-60 will no longer verify PGP signatures with pgp5.0
Last modified: 2008-05-01 11:37:51 EDT
RPM 3.0-60 would use PGP-5.0i-7 (the ONLY pgp installed) to
verfify PGP signatures on .rpm packages via 'rpm -K
foo-1.0-1.i386.rpm' after upgrading from rpm 3.0 to rpm
3.0.2 using the same command that worked flawlessly on 3.0
will result in the following error text on stdout:
PGP is now invoked from different executables for different
pgpe Encrypt (including Encrypt/Sign)
pgpk Key management
pgpo PGP 2.6.2 command-line simulator (not yet
See each application's respective man page or the general
for more information.
I believe the problem lies in the fix reported in CHANGES
for 3.0.1 where RPM will prefer pgp2.6.3 to 5.0.x if both
are installed, I believe that RPM is not properly detecting
the 5.0 version of pgp as being version 5 and attempting to
use it as it would 2.6.x, resulting in the previous error.
Fixed in (not yet released) rpm-3.0.3.