From Bugzilla Helper: User-Agent: Mozilla/5.0 Galeon/1.2.1 (X11; Linux i686; U;) Gecko/20020417 Description of problem: The man page says rpm should accept the --nopgp and --nogpg options to disable those tests when checking the signature of a package. The --help option doesn't list them though and rpm gives an error when they are added on the commandline. Version-Release number of selected component (if applicable): rpm-4.1-0.15 How reproducible: Always Steps to Reproduce: rpm --checksig --nopgp [some_package] or rpm --checksig --nogpg [some_package] Actual Results: rpm responds with "--nopgp: unknown option" or "--nogpg: unknown option", without checking the package's signature Expected Results: rpm should check the package without using the PGP or GPG tests Additional info: Interestingly, if the --no{pgp,gpg} options are omitted to avoid this error, some packages fail the signature check because of 'missing keys'. It seems that those packages, although valid, can not pass the check, either because rpm stops with this error, or because it can not check the GPG or PGP keys.
rpm-4.1 does not use gpg/pgp for signature verification. Yes, the doco needs to be updated, I'll get there when I get there.