Skip to main content

pkgutil: Bad signature detected in catalog!

For some reason, this happened:

# pkgutil -u CSWpkgutil
Checking integrity of ../catalog.mirrors.usc.edu_pub_csw_unstable_sparc_5.10 with gpg.
gpg: Signature made Wed Oct 05 12:32:42 2011 PDT using DSA key ID 9306CC77
gpg: Can't check signature: public key not found
Bad signature detected in catalog!
But the key had been imported already:
# gpg --list-keys 9306CC77
pub   1024D/9306CC77 2011-08-31
uid                  OpenCSW catalog signing 
sub   2048g/971EDE93 2011-08-31
So why would pkgutil not recognize it? truss(1) to the rescue!
# truss -elfda pkgutil -u CSWpkgutil
[...]
20753/1:         3.2282 execve("/opt/csw/bin/gpg", 0x0020A208, 0x00028B60)  argc = 5
20753/1:         argv: /opt/csw/bin/gpg --homedir /var/opt/csw/pki --verify
[....]
20753/1:         3.3719 open("/var/opt/csw/pki/pubring.gpg", O_RDONLY)  = 3
Aha! So we need to import the key to CSWpkgutil's keystore:
# gpg --homedir /var/opt/csw/pki --keyserver keys.gnupg.net --recv-key 9306CC77
gpg: requesting key 9306CC77 from hkp server keys.gnupg.net
gpg: key 9306CC77: public key "OpenCSW catalog signing " imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
After doing that (and setting the key's trust) pkgutil worked again :-)