[csw-maintainers] Catalog public key

Maciej (Matchek) Bliziński maciej at opencsw.org
Mon Oct 3 09:58:22 CEST 2011


2011/10/3 Jeffery Small <jeff at cjsa.com>:
> I went away for six weeks and when I returned the catalog no longer updates
> with pkg-get -U from any mirror.  The catalog downloads and then I get the
> error:
>
> gpg: WARNING: unsafe ownership on configuration file `/u/jeff/.gnupg/gpg.conf'
> gpg: Signature made Sat Oct 01 21:36:25 2011 PDT using DSA key ID 9306CC77
> gpg: Can't check signature: public key not found
>
> ERROR: catalog failed signature check (status 2)
>
> You need to install the public key, either manually,
> or automatically through a keyserver.
> For keyserver use, try one of
>  echo keyserver search.keyserver.net >>/.gnupg/options
>  echo keyserver search.keyserver.net >>/.gnupg/gpg.conf
> Catalog failed signature verify. Quitting.
>
> I've tried the suggestions above with no positive results.  My gpg.conf file
> contained the line:
>
> keyserver hkp://subkeys.pgp.net
>
> and worked for years before.  Any suggestion as to what has changed and how
> to resolve it?  Pgp has always been something of a mystery to me.  Thanks.

GPG uses user's home directory to store keys.  One failure mode would
be to import keys to normal user's keyring and then run pkgutil as
root. The fix is to import the gpg key for the root user.

In the unstable catalog, we already have the cswpki package, which in
conjuction with pkgutil solves the problem - the package delivers the
key and pkgutil uses it.

If you want to do it manually, you can download the key from the mirrors page.

http://www.opencsw.org/mirrors/

Maciej


More information about the maintainers mailing list